CVE-2016-7076

Published: 29 May 2018

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Notes

Author: seth-arnold
Note:
See also CVE-2016-7032
This alert mentions a seccomp-based filter. If we decide to
backport that filter for this CVE, and CVE-2016-7032, then 'medium'
may continue to be appropriate. If we decide the seccomp-based filter
is not suitable for a backport, then perhaps 'negligible' would be
appropriate.
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
sudo
artful Not vulnerable (1.8.19p1-1ubuntu1)
bionic Not vulnerable (1.8.19p1-1ubuntu1)
cosmic Not vulnerable (1.8.19p1-1ubuntu1)
disco Not vulnerable (1.8.19p1-1ubuntu1)
eoan Not vulnerable (1.8.19p1-1ubuntu1)
focal Not vulnerable (1.8.19p1-1ubuntu1)
groovy Not vulnerable (1.8.19p1-1ubuntu1)
hirsute Not vulnerable (1.8.19p1-1ubuntu1)
precise Ignored (end of ESM support, was needed)
trusty Released (1.8.9p5-1ubuntu1.5+esm5)
upstream Released (1.8.18p1)
xenial Released (1.8.16-0ubuntu1.6)
yakkety Ignored (reached end-of-life)
zesty Not vulnerable (1.8.19p1-1ubuntu1)
Patches:
upstream: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
upstream: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
upstream: https://www.sudo.ws/repos/sudo/rev/167a518d8129
upstream: https://www.sudo.ws/repos/sudo/rev/59d76bdc0f0c
upstream: https://www.sudo.ws/repos/sudo/rev/5d88d7cda853
upstream: https://www.sudo.ws/repos/sudo/rev/120a317ce25b