CVE-2016-7076

Sažetak

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Reference

https://www.sudo.ws/alerts/noexec_wordexp.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076
http://www.securityfocus.com/bid/95778
http://rhn.redhat.com/errata/RHSA-2016-2872.html
https://security.netapp.com/advisory/ntap-20181127-0002/
https://usn.ubuntu.com/3968-1/
https://usn.ubuntu.com/3968-3/

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:34

Objavljeno

29-05-2018 - 13:29