Vulnerability Description
sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo calls the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sudo Project | Sudo | >= 1.6.8, <= 1.8.18 |
References
- http://rhn.redhat.com/errata/RHSA-2016-2872.html (Third Party Advisory)
- http://www.securityfocus.com/bid/95778 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076 (Issue Tracking)
- https://security.netapp.com/advisory/ntap-20181127-0002/
- https://usn.ubuntu.com/3968-1/
- https://usn.ubuntu.com/3968-3/
- https://www.sudo.ws/alerts/noexec_wordexp.html (Third Party Advisory)
FAQ
What is CVE-2016-7076?
CVE-2016-7076 is a vulnerability with a CVSS score of 6.4 (MEDIUM). sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo calls the wordexp() C library function with a user-supplied argument. A local user perm...
How severe is CVE-2016-7076?
CVE-2016-7076 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7076?
Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo.