CVE-2016-7091

Published: 22 December 2016

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux, and possibly other Linux implementations, preserves the value of INPUTRC, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with the elevated privileges provided by sudo.

Notes

Author: mdeslaur
Note: INPUTRC isn't included in debian/ubuntu, rh-specific

Priority

Medium

CVSS 3 base score: 4.4

Status

Package: sudo (Launchpad, Ubuntu, Debian)

Release     Status
precise     Not vulnerable
trusty      Not vulnerable
upstream    Needs triage
xenial      Not vulnerable