PT-2016-7209 · Red Hat+1

Grisha Levit · Published 2016-11-03 · Updated 2016-12-23 · CVE-2016-7091

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

sudo (affected versions not specified)
Red Hat Enterprise Linux (affected versions not specified)

Description

A flaw was discovered in the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations, where the value of INPUTRC is preserved. This could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could exploit this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Recommendations

For sudo, consider restricting access to the INPUTRC variable until a patch is available. For Red Hat Enterprise Linux, at the moment, there is no information about a newer version that contains a fix for this issue.
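
Added example (not part of this advisory or of sudo): sudoers preserves environment variables through its env_keep list, so one way to check a host against the recommendation above is to scan the sudoers text for an env_keep setting that still contains INPUTRC. The function name inputrc_kept, the sample policies and the simplifications listed in the comments are assumptions of this example.

```sh
#!/bin/sh
# inputrc_kept: read sudoers text on stdin, exit 0 if INPUTRC stays in env_keep.
# Assumptions: env_reset is on, the compiled-in keep list has no INPUTRC,
# scoped Defaults count like global ones, include directives and wildcard
# entries are not evaluated.
inputrc_kept() {
    awk '
    # Join backslash-continued lines into one logical line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip comments and everything that is not a Defaults entry.
    line ~ /^[ \t]*#/ || line !~ /^[ \t]*Defaults/ { next }
    {
        if (line ~ /![ \t]*env_keep/) kept = 0      # "!env_keep" clears the list
        rest = line
        while (match(rest, /env_keep[ \t]*[-+]?=[ \t]*/)) {
            op = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            # The value is a double-quoted list or a single bare word.
            if (substr(rest, 1, 1) == "\"") { val = substr(rest, 2); sub(/".*/, "", val) }
            else { val = rest; sub(/[ \t,].*/, "", val) }
            hit = ((" " val " ") ~ /[ \t]INPUTRC(=[^ \t]*)?[ \t]/)
            if (op ~ /\+=/) { if (hit) kept = 1 }        # append to the list
            else if (op ~ /-=/) { if (hit) kept = 0 }    # remove from the list
            else kept = hit                              # replace the whole list
        }
    }
    END { exit (kept ? 0 : 1) }
    '
}

# Constructed sample policies (not copied from any real host).
SAMPLE_WEAK='Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"'
SAMPLE_FIXED="$SAMPLE_WEAK
Defaults    env_keep -= \"INPUTRC\""

if printf '%s\n' "$SAMPLE_WEAK" | inputrc_kept; then
    echo "weak sample: INPUTRC is preserved across sudo"
fi
if ! printf '%s\n' "$SAMPLE_FIXED" | inputrc_kept; then
    echo "fixed sample: INPUTRC is dropped"
fi
```

On a real host the same function can be fed the sudoers file and each drop-in file in turn, read as root.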

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CESA-2016_2593
CVE-2016-7091
RHSA-2016:2593
RHSA-2016_2593

Affected products

CentOS
Red Hat