CVE-2016-7076

Priority
Description
sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec
restriction if an application run via sudo executes the wordexp() C library
function with a user-supplied argument. A local user permitted to run such
an application via sudo with the noexec restriction could possibly use this
flaw to execute arbitrary commands with elevated privileges.
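
Added example (not from the advisory or from sudo): an application-side hardening sketch for programs that pass user-supplied text to wordexp(), using the standard WRDE_NOCMD flag so command substitution is refused instead of run. The helper name expand_untrusted and the sample inputs are constructed for illustration; this complements the sudo update and does not replace it.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/*
 * expand_untrusted() is a hypothetical helper, not sudo code.
 * It expands user-supplied text into words with command substitution
 * disabled. Returns the wordexp() status; on success *count holds the
 * number of words produced.
 */
int expand_untrusted(const char *input, size_t *count)
{
    wordexp_t we;
    int rc;

    memset(&we, 0, sizeof(we));
    *count = 0;

    /* WRDE_NOCMD: fail with WRDE_CMDSUB rather than run $(...) or `...`. */
    rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0) {
        *count = we.we_wordc;
        wordfree(&we);
    } else if (rc == WRDE_NOSPACE) {
        /* Partial results may have been allocated before the failure. */
        wordfree(&we);
    }
    return rc;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "report.txt notes.txt", "$(echo x)", "`echo x`" };
    size_t i, n;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = expand_untrusted(samples[i], &n);
        if (rc == 0)
            printf("accepted  %-22s -> %zu word(s)\n", samples[i], n);
        else if (rc == WRDE_CMDSUB)
            printf("rejected  %-22s -> command substitution\n", samples[i]);
        else
            printf("rejected  %-22s -> wordexp error %d\n", samples[i], rc);
    }
    return 0;
}
```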
Notes
 sarnold> See also CVE-2016-7032
 sarnold> This alert mentions a seccomp-based filter. If we decide to
  backport that filter for this CVE, and CVE-2016-7032, then 'medium'
  may continue to be appropriate. If we decide the seccomp-based filter
  is not suitable for a backport, then perhaps 'negligible' would be
  appropriate.
Assigned-to
mdeslaur
Package
Source: sudo (LP Ubuntu Debian)
Upstream: released (1.8.18p1)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.16-0ubuntu1.6)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.8.19p1-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1.8.19p1-1ubuntu1)
Ubuntu 19.04 (Disco Dingo): not-affected (1.8.19p1-1ubuntu1)
Ubuntu 19.10 (Eoan): not-affected (1.8.19p1-1ubuntu1)
Patches:
Upstream: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
Upstream: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
Upstream: https://www.sudo.ws/repos/sudo/rev/167a518d8129
Upstream: https://www.sudo.ws/repos/sudo/rev/59d76bdc0f0c
Upstream: https://www.sudo.ws/repos/sudo/rev/5d88d7cda853
Upstream: https://www.sudo.ws/repos/sudo/rev/120a317ce25b
Updated: 2019-05-06 19:14:23 UTC (commit 2a7972bafb9b79a6e652904a4b622a98f87a3641)