{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-26T00:00:00Z",
  "bugzilla" : {
    "description" : "sudo: noexec bypass via system() and popen()",
    "id" : "1372830",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
  },
  "cvss" : {
    "cvss_base_score" : "6.6",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-184",
  "details" : [ "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.", "It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the system() or popen() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use this flaw to execute arbitrary commands with elevated privileges." ],
  "acknowledgement" : "This issue was discovered by Florian Weimer (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-12-06T00:00:00Z",
    "advisory" : "RHSA-2016:2872",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "sudo-0:1.8.6p3-25.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-12-06T00:00:00Z",
    "advisory" : "RHSA-2016:2872",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "sudo-0:1.8.6p7-21.el7_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "sudo",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-7032\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7032\nhttps://www.sudo.ws/alerts/noexec_bypass.html" ],
  "name" : "CVE-2016-7032",
  "csaw" : false
}