CVE-2009-0034

Name of the Vulnerable Software and Affected Versions sudo versions 1.6.9p17 through 1.6.9p19

Description The issue concerns the improper interpretation of a system group in the sudoers file during authorization decisions for users belonging to that group. This allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. The vulnerability can be exploited locally and may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For sudo versions 1.6.9p17 through 1.6.9p19, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the sudo command for users who belong to system groups until a patch is applied. Additionally, review and restrict the sudoers file to minimize the risk of exploitation.