CVE-2016-7076

MEDIUM

Sudo < 1.8.18 - Command Injection

Title source: rule

Description

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Scores

CVSS v3: 6.4
EPSS: 0.0008
EPSS Percentile: 22.7%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE: CWE-184, CWE-77
Status: published

Affected Products (1)

sudo_project/sudo < 1.8.18

Timeline

Published: May 29, 2018
Tracked Since: Feb 18, 2026