Published: 29/05/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sudo project sudo

Synopsis Moderate: sudo security update Type/Severity Security Advisory: Moderate Topic An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sys ...

Several security issues were fixed in Sudo ...

Debian Bug report logs - #842507 sudo: CVE-2016-7076: noexec bypass via wordexp() Package: src:sudo; Maintainer for src:sudo is Bdale Garbee <bdale@gagcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 29 Oct 2016 20:27:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream F ...

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system() or popen() C library functions with a user supplied argument A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary commands with elevated privileges (CVE-2016- ...

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp() C library function with a user supplied argument A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges ...

CWE-77 https://www.sudo.ws/alerts/noexec_wordexp.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076 http://www.securityfocus.com/bid/95778 http://rhn.redhat.com/errata/RHSA-2016-2872.html https://security.netapp.com/advisory/ntap-20181127-0002/https://usn.ubuntu.com/3968-1/https://usn.ubuntu.com/3968-3/https://access.redhat.com/errata/RHSA-2016:2872 https://usn.ubuntu.com/3968-1/https://nvd.nist.gov

CVE-2016-7076

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect