Fluid Attacks Database

Description

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	sudo	>=0 <1.8.18p1-1	1.8.18p1-1
debian 11	sudo	>=0 <1.8.18p1-1	1.8.18p1-1
debian 12	sudo	>=0 <1.8.18p1-1	1.8.18p1-1
debian 14	sudo	>=0 <1.8.18p1-1	1.8.18p1-1
rpm rhel5	sudo	-	-
rpm rhel6	sudo	<0:1.8.6p3-25.el6_8	0:1.8.6p3-25.el6_8
rpm rhel7	sudo	<0:1.8.6p7-21.el7_3	0:1.8.6p7-21.el7_3

Aliases

1. CVE-2016-70762. NVD-2016-70763. OSV-DEBIAN-2016-70764. OSV-2016-70765. SECURITY-TRACKER-CVE-2016-7076

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.