Published: 22/12/2016 Updated: 23/12/2016

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

sudo: It exists that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux workstation 7.0

Synopsis Low: sudo security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for sudo is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base scor ...

It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo ...

CWE-200 https://rhn.redhat.com/errata/RHSA-2016-2593.html https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html http://www.securityfocus.com/bid/92615 https://access.redhat.com/errata/RHSA-2016:2593 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-7091

CVE-2016-7091

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect