Search for vulnerabilities
Vulnerability details: VCID-byqd-8z3s-aaak
Vulnerability ID VCID-byqd-8z3s-aaak
Aliases CVE-2009-0034
Summary parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-264 Permissions, Privileges, and Access Controls
CWE-863 Incorrect Authorization
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:0267
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2009-0034
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=481720
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2009-0034
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2009-0034
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2009-0034
Reference id Reference type URL
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://osvdb.org/51736
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0034.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0034
https://bugzilla.novell.com/show_bug.cgi?id=468923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034
http://secunia.com/advisories/33753
http://secunia.com/advisories/33840
http://secunia.com/advisories/33885
http://secunia.com/advisories/35766
https://issues.rpath.com/browse/RPL-2954
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462
http://wiki.rpath.com/Advisories:rPSA-2009-0021
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327
http://www.mandriva.com/security/advisories?name=MDVSA-2009:033
http://www.redhat.com/support/errata/RHSA-2009-0267.html
http://www.securityfocus.com/archive/1/500546/100/0/threaded
http://www.securityfocus.com/archive/1/504849/100/0/threaded
http://www.securityfocus.com/bid/33517
http://www.securitytracker.com/id?1021688
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
http://www.vupen.com/english/advisories/2009/1865
481720 https://bugzilla.redhat.com/show_bug.cgi?id=481720
cpe:2.3:a:gratisoft:sudo:1.6.9:p17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gratisoft:sudo:1.6.9:p17:*:*:*:*:*:*
cpe:2.3:a:gratisoft:sudo:1.6.9:p18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gratisoft:sudo:1.6.9:p18:*:*:*:*:*:*
cpe:2.3:a:gratisoft:sudo:1.6.9:p19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gratisoft:sudo:1.6.9:p19:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
CVE-2009-0034 https://nvd.nist.gov/vuln/detail/CVE-2009-0034
GLSA-200902-01 https://security.gentoo.org/glsa/200902-01
RHSA-2009:0267 https://access.redhat.com/errata/RHSA-2009:0267
USN-722-1 https://usn.ubuntu.com/722-1/
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0034
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11677
EPSS Score 0.0004
Published At May 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.