CVE-2016-7076

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7076

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7076.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-7076

Related

Published

2018-05-29T13:29:00Z

Modified

2024-09-18T02:31:54.820283Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

References

Affected packages

Debian:11 / sudo

Package

Name: sudo
Purl: pkg:deb/debian/sudo?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.18p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sudo

Package

Name: sudo
Purl: pkg:deb/debian/sudo?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.18p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sudo

Package

Name: sudo
Purl: pkg:deb/debian/sudo?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.18p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/millert/sudo

Affected ranges

Type: GIT
Repo: https://github.com/millert/sudo
Events: Introduced

0c0dcf2e3294cc022a4f6af52986cfca2b9be05a

Last affected

ccdb84c0bf2a8daef2dc960f65fc9e6f1b83ccaf

Affected versions

Other

SUDO_1_6_8

SUDO_1_6_8p1

SUDO_1_7_0

SUDO_1_7_1

SUDO_1_7_2

SUDO_1_8_0

SUDO_1_8_1

SUDO_1_8_10

SUDO_1_8_10p1

SUDO_1_8_10p2

SUDO_1_8_10p3

SUDO_1_8_11

SUDO_1_8_11p1

SUDO_1_8_11p2

SUDO_1_8_12

SUDO_1_8_13

SUDO_1_8_14

SUDO_1_8_14p1

SUDO_1_8_14p3

SUDO_1_8_15

SUDO_1_8_16

SUDO_1_8_17

SUDO_1_8_17p1

SUDO_1_8_18

SUDO_1_8_2

SUDO_1_8_3

SUDO_1_8_4

SUDO_1_8_4p1

SUDO_1_8_4p2

SUDO_1_8_4p3

SUDO_1_8_4p4

SUDO_1_8_4p5

SUDO_1_8_5

SUDO_1_8_5p1

SUDO_1_8_5p2

SUDO_1_8_5p3

SUDO_1_8_6

SUDO_1_8_6p1

SUDO_1_8_6p2

SUDO_1_8_6p3

SUDO_1_8_6p4

SUDO_1_8_6p5

SUDO_1_8_6p6

SUDO_1_8_6p7

SUDO_1_8_6p8

SUDO_1_8_7

SUDO_1_8_8

SUDO_1_8_9

SUDO_1_8_9p1

SUDO_1_8_9p2

SUDO_1_8_9p3

SUDO_1_8_9p4

SUDO_1_8_9p5