Lucene search
GoogleOSV:DLA-707-1HistoryNov 14, 2016 - 12:00 a.m.
sudo - security update
2016-11-1400:00:00
Google
osv.dev
11
0.0004 Low
EPSS
Percentile
5.1%
It was discovered that the sudo noexec restriction could have been
bypassed if application run via sudo executed system(), popen() or
wordexp() C library functions with a user supplied argument. A local
user permitted to run such application via sudo with noexec
restriction could possibly use this flaw to execute arbitrary commands
with elevated privileges.
- CVE-2016-7032
noexec bypass via system() and popen() - CVE-2016-7076
noexec bypass via wordexp()
For Debian 7 Wheezy, these problems have been fixed in version
1.8.5p2-1+nmu3+deb7u2.
We recommend that you upgrade your sudo packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
| CPE | Name | Operator | Version |
|---|---|---|---|
| sudo | eq | 1.8.5p2-1+nmu1 | |
| sudo | eq | 1.8.5p2-1+nmu2 | |
| sudo | eq | 1.8.5p2-1+nmu3 | |
| sudo | eq | 1.8.5p2-1+nmu3+deb7u1 |
References
Related
amazon
amazon
Medium: sudo
2017-01-04 17:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2017-1004)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2893-1)
2021-04-19 00:00:00
CentOS Update for sudo CESA-2016:2872 centos6
2016-12-08 00:00:00
redhat
redhat
(RHSA-2016:2872) Moderate: sudo security update
2016-12-06 09:43:08
osv
osv
sudo vulnerabilities
2020-09-28 12:54:26
CVE-2016-7076
2018-05-29 13:29:00
ibm
ibm
ubuntu
ubuntu
Sudo vulnerabilities
2020-09-28 00:00:00
Sudo vulnerabilities
2019-05-06 00:00:00
debian
debian
[SECURITY] [DLA 707-1] sudo security update
2016-11-14 19:56:05
nessus
nessus
EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1004)
2017-05-01 00:00:00
OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)
2016-12-07 00:00:00
Oracle Linux 6 / 7 : sudo (ELSA-2016-2872)
2016-12-07 00:00:00
oraclelinux
oraclelinux
sudo security update
2016-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2016-7076
2018-05-29 00:00:00
CVE-2016-7032
2017-04-14 00:00:00
centos
centos
sudo security update
2016-12-07 03:43:16
f5
f5
fedora
fedora
[SECURITY] Fedora 25 Update: sudo-1.8.18p1-1.fc25
2016-11-19 22:13:00
[SECURITY] Fedora 23 Update: sudo-1.8.18p1-1.fc23
2016-11-25 07:24:28
[SECURITY] Fedora 24 Update: sudo-1.8.18p1-1.fc24
2016-11-11 20:53:34
prion
prion
Design/Logic Flaw
2018-05-29 13:29:00
Command injection
2017-04-14 18:59:00
freebsd
freebsd
sudo -- Potential bypass of sudo_noexec.so via wordexp()
2016-10-28 00:00:00
redhatcve
redhatcve
CVE-2016-7032
2016-10-27 19:47:40
CVE-2016-7076
2016-10-27 19:47:35
debiancve
debiancve
CVE-2016-7032
2017-04-14 18:59:00
CVE-2016-7076
2018-05-29 13:29:00
veracode
veracode
Privilege Escalation
2019-05-02 06:07:50
Authorization Bypass
2019-01-15 09:14:59
cvelist
cvelist
CVE-2016-7076
2018-05-29 13:00:00
CVE-2016-7032
2017-04-14 18:00:00
cve
cve
CVE-2016-7032
2017-04-14 18:59:00
CVE-2016-7076
2018-05-29 13:29:00
nvd
nvd
CVE-2016-7032
2017-04-14 18:59:00
CVE-2016-7076
2018-05-29 13:29:00
mageia
mageia
Updated sudo packages fix security vulnerability
2016-11-18 02:40:52
cloudfoundry
cloudfoundry
USN-3968-1: Sudo vulnerabilities | Cloud Foundry
2019-05-20 00:00:00