parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00049
Percentile: 0.15087

CVSS Scoring

Mapped CWE(s)

• CWE-863 : Incorrect Authorization

Affected Products

• cpe:2.3:a:gratisoft:sudo:1.6.9:p17:*:*:*:*:*:*
• cpe:2.3:a:gratisoft:sudo:1.6.9:p18:*:*:*:*:*:*
• cpe:2.3:a:gratisoft:sudo:1.6.9:p19:*:*:*:*:*:*
• cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

← Back to Home