Back to bug 1372830
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-09-02 19:56:52 UTC | CC | security-response-team | |
| Kurt Seifried | 2016-09-02 19:59:43 UTC | CC | fweimer, kseifried | |
| Kurt Seifried | 2016-09-02 19:59:55 UTC | Blocks | 1372831 | |
| Tomas Hoger | 2016-10-11 16:04:59 UTC | Whiteboard | impact=important,public=no,reported=20160902,source=redhat,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7.5/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,cwe==CWE-20,rhel-7/sudo=affected,rhel-6/sudo=new,rhel-5/sudo=new | impact=important,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected |
| Tomas Hoger | 2016-10-14 13:46:24 UTC | Fixed In Version | sudo 1.8.15rc1 | |
| | | Summary | EMBARGOED CVE-2016-7032 sudo: noexec can be bypassed | EMBARGOED CVE-2016-7032 sudo: noexec bypass via system() and popen() |
| | | Whiteboard | impact=important,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected | impact=important,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected |
| Tomas Hoger | 2016-10-26 21:12:19 UTC | Priority | high | medium |
| | | Whiteboard | impact=important,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected | impact=moderate,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected |
| | | Severity | high | medium |
| Tomas Hoger | 2016-10-27 18:03:57 UTC | Group | security, qe_staff | |
| | | Fixed In Version | sudo 1.8.15rc1 | sudo 1.8.15 |
| | | Summary | EMBARGOED CVE-2016-7032 sudo: noexec bypass via system() and popen() | CVE-2016-7032 sudo: noexec bypass via system() and popen() |
| | | Whiteboard | impact=moderate,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected | impact=moderate,public=20161026,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected |
| Salvatore Bonaccorso | 2016-10-28 07:23:53 UTC | CC | carnil | |
| Slawomir Czarko | 2016-10-28 08:40:26 UTC | CC | slawomir | |
| Tomas Hoger | 2016-11-04 12:44:06 UTC | Depends On | 1391937 | |
| Tomas Hoger | 2016-11-04 12:44:12 UTC | Depends On | 1391938 | |
| Tomas Hoger | 2016-11-04 12:44:17 UTC | Depends On | 1391939 | |
| Tomas Hoger | 2016-11-04 12:44:21 UTC | Depends On | 1391940 | |
| Tomas Hoger | 2016-11-04 13:04:43 UTC | Doc Text | It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system() or popen() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary commands with elevated privileges. | |
| Dalibor Pospíšil | 2016-11-25 10:20:14 UTC | CC | dapospis, thoger | |
| | | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2016-11-25 10:56:07 UTC | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2016-12-06 11:56:17 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-12-06 06:56:17 UTC | |
| Yasuhiro Ozone | 2017-06-22 23:11:31 UTC | CC | yozone | |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20161026,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=notaffected | |