CVE-2016-7091

MEDIUM

Redhat Enterprise Linux - Information Disclosure

Title source: rule

Description

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92615

[Third Party Advisory] https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html

[Patch, Vendor Advisory] https://rhn.redhat.com/errata/RHSA-2016-2593.html

Scores

CVSS v3 4.4

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (6)

redhat/enterprise_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_hpc_node

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

n/a/n/a

Timeline

Published Dec 22, 2016

Tracked Since Feb 18, 2026