FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- certain authorized users could run commands as any user

Affected packages
1.6.9 <= sudo < 1.6.9.20

Details

VuXML ID: 13d6d997-f455-11dd-8516-001b77d09812
Discovery: 2009-02-04
Entry: 2009-02-06

Todd Miller reports:

A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies.

References

Bugtraq ID: 33517
CVE Name: CVE-2009-0034
Message: 200902041802.n14I2llS024155@core.courtesan.com