CVE-2016-7091

Published: 24 May 2016
Source: redhat
CVSS2: 3.6
EPSS: Low

Description

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | compat-readline43 | Will not fix | | |
| Red Hat Enterprise Linux 5 | readline | Will not fix | | |
| Red Hat Enterprise Linux 5 | sudo | Will not fix | | |
| Red Hat Enterprise Linux 6 | compat-readline5 | Will not fix | | |
| Red Hat Enterprise Linux 6 | readline | Will not fix | | |
| Red Hat Enterprise Linux 6 | sudo | Will not fix | | |
| Red Hat Enterprise Linux 7 | readline | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | readline | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | readline | Will not fix | | |
| Red Hat Enterprise Linux 7 | sudo | Fixed | RHSA-2016:2593 | 03.11.2016 |


Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1339935 (sudo: Possible info leak via INPUTRC)

EPSS

Percentile: 24%
0.0008
Low

3.6 Low

CVSS2

Related vulnerabilities

CVSS3: 4.4
ubuntu
more than 8 years ago

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

CVSS3: 4.4
nvd
more than 8 years ago

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

CVSS3: 4.4
debian
more than 8 years ago

sudo: It was discovered that the default sudo configuration on Red Hat ...

CVSS3: 4.4
github
more than 3 years ago

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

oracle-oval
almost 9 years ago

ELSA-2016-2593: sudo security, bug fix, and enhancement update (LOW)
