PublicDateAtUSN: 2018-05-29
Candidate: CVE-2016-7076
PublicDate: 2018-05-29 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076
 https://www.sudo.ws/alerts/noexec_wordexp.html
 https://ubuntu.com/security/notices/USN-3968-1
 https://ubuntu.com/security/notices/USN-3968-3
Description:
 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec
 restriction if an application run via sudo executes the wordexp() C library
 function with a user-supplied argument. A local user permitted to run such
 an application via sudo with the noexec restriction could possibly use this
 flaw to execute arbitrary commands with elevated privileges.
Ubuntu-Description:
Notes:
 seth-arnold> See also CVE-2016-7032
 seth-arnold> This alert mentions a seccomp-based filter. If we decide to
  backport that filter for this CVE, and CVE-2016-7032, then 'medium' may
  continue to be appropriate. If we decide the seccomp-based filter is not
  suitable for a backport, then perhaps 'negligible' would be appropriate.
Bugs:
Priority: medium
Discovered-by: Florian Weimer
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_sudo:
 upstream: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
 upstream: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
 upstream: https://www.sudo.ws/repos/sudo/rev/167a518d8129
 upstream: https://www.sudo.ws/repos/sudo/rev/59d76bdc0f0c
 upstream: https://www.sudo.ws/repos/sudo/rev/5d88d7cda853
 upstream: https://www.sudo.ws/repos/sudo/rev/120a317ce25b
upstream_sudo: released (1.8.18p1)
precise_sudo: ignored (reached end-of-life)
precise/esm_sudo: ignored (end of ESM support, was needed)
trusty_sudo: ignored (reached end-of-life)
trusty/esm_sudo: released (1.8.9p5-1ubuntu1.5+esm5)
vivid/stable-phone-overlay_sudo: ignored (reached end-of-life)
vivid/ubuntu-core_sudo: ignored (reached end-of-life)
xenial_sudo: released (1.8.16-0ubuntu1.6)
esm-infra/xenial_sudo: released (1.8.16-0ubuntu1.6)
yakkety_sudo: ignored (reached end-of-life)
zesty_sudo: not-affected (1.8.19p1-1ubuntu1)
artful_sudo: not-affected (1.8.19p1-1ubuntu1)
bionic_sudo: not-affected (1.8.19p1-1ubuntu1)
cosmic_sudo: not-affected (1.8.19p1-1ubuntu1)
disco_sudo: not-affected (1.8.19p1-1ubuntu1)
eoan_sudo: not-affected (1.8.19p1-1ubuntu1)
focal_sudo: not-affected (1.8.19p1-1ubuntu1)
groovy_sudo: not-affected (1.8.19p1-1ubuntu1)
hirsute_sudo: not-affected (1.8.19p1-1ubuntu1)
devel_sudo: not-affected (1.8.19p1-1ubuntu1)