{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-26T00:00:00Z",
  "bugzilla" : {
    "description" : "sudo: noexec bypass via wordexp()",
    "id" : "1384982",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384982"
  },
  "cvss" : {
    "cvss_base_score" : "6.6",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-184",
  "details" : [ "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.", "It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges." ],
  "acknowledgement" : "This issue was discovered by Florian Weimer (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-12-06T00:00:00Z",
    "advisory" : "RHSA-2016:2872",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "sudo-0:1.8.6p3-25.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-12-06T00:00:00Z",
    "advisory" : "RHSA-2016:2872",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "sudo-0:1.8.6p7-21.el7_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "sudo",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-7076\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7076\nhttps://www.sudo.ws/alerts/noexec_wordexp.html" ],
  "name" : "CVE-2016-7076",
  "csaw" : false
}