CVE-2016-7032

Опубликовано: 14 апр. 2017

Источник: debian

EPSS Низкий

Описание

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sudo	fixed	1.8.15-1		package
sudo	no-dsa		jessie	package

Примечания

https://www.sudo.ws/alerts/noexec_bypass.html
This CVE is for the bypass via system() and popen(). The wordpexp() bypass
is tracked under CVE-2016-7076.
https://www.sudo.ws/devel.html#1.8.15rc1
https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
https://www.sudo.ws/repos/sudo/rev/a826cd7787e9

EPSS

Процентиль: 10%

0.00035

Низкий

Связанные уязвимости

CVE-2016-7032

CVSS3: 7

ubuntu

больше 8 лет назад

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

CVE-2016-7032

CVSS3: 6.4

redhat

около 9 лет назад

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

CVE-2016-7032

CVSS3: 7

nvd

больше 8 лет назад

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

GHSA-wmxc-c63f-gpf8

CVSS3: 7

github

больше 3 лет назад

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

SUSE-SU-2016:2893-1

suse-cvrf

почти 9 лет назад

Security update for sudo

EPSS

Процентиль: 10%

0.00035

Низкий