CVE-2016-7076 MEDIUM

Vendor [Unknown]
Product sudo
Weakness CWE-184
Published May 29, 2018
Last update August 6, 2024

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Key dates

02 Disclosure timeline

May 29, 2018 CVE published
August 6, 2024 Record updated