PT-2018-4982 · Sudo+5

Florian Weimer · Published 2016-11-17 · Updated 2024-06-15 · CVE-2016-7076

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: sudo versions prior to 1.8.18p1

Description: The issue allows a local user to bypass the sudo noexec restriction. This can happen when an application run via sudo executes the wordexp() C library function with a user-supplied argument. As a result, a local user permitted to run such an application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Recommendations: For versions prior to 1.8.18p1, update to version 1.8.18p1 or later to resolve the issue.

Exploit

Fix

Command Injection

Incomplete List of Disallowed Inputs

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1056
CESA-2016_2872
CVE-2016-7076
DLA-707-1
MGASA-2016-0389
OPENSUSE-SU-2024:11413-1
RHSA-2016:2872
RHSA-2016_2872
SUSE-SU-2016:2891-1
SUSE-SU-2016:2893-1
SUSE-SU-2016:2904-1
USN-3968-1
USN-3968-3

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Sudo