Back to bug 1384982

Who When What Removed Added
Tomas Hoger 2016-10-14 13:41:49 UTC CC security-response-team
Tomas Hoger 2016-10-14 13:41:57 UTC Blocks 1372831
Tomas Hoger 2016-10-14 13:43:58 UTC CC fweimer
Tomas Hoger 2016-10-26 21:12:22 UTC Priority high medium
Whiteboard impact=important,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=affected impact=moderate,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=affected
Severity high medium
Tomas Hoger 2016-10-27 18:04:48 UTC Group security, qe_staff
Summary EMBARGOED CVE-2016-7076 sudo: noexec bypass via wordexp() CVE-2016-7076 sudo: noexec bypass via wordexp()
Whiteboard impact=moderate,public=no,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=affected impact=moderate,public=20161026,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=affected
Tomas Hoger 2016-10-27 18:05:27 UTC Depends On 1389496
Salvatore Bonaccorso 2016-10-28 07:23:42 UTC CC carnil
Slawomir Czarko 2016-10-28 08:40:44 UTC CC slawomir
Tomas Hoger 2016-11-04 12:44:06 UTC Depends On 1391937
Tomas Hoger 2016-11-04 12:44:12 UTC Depends On 1391938
Tomas Hoger 2016-11-04 12:44:17 UTC Depends On 1391939
Tomas Hoger 2016-11-04 12:44:21 UTC Depends On 1391940
Tomas Hoger 2016-11-04 13:05:20 UTC Doc Text It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
Tomas Hoger 2016-12-06 11:56:24 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-12-06 06:56:24 UTC
Yasuhiro Ozone 2018-09-27 00:06:32 UTC CC yozone
Product Security DevOps Team 2019-09-29 13:57:57 UTC Whiteboard impact=moderate,public=20161026,reported=20160902,source=redhat,cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,cvss3=6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-184,rhel-5/sudo=wontfix,rhel-6/sudo=affected,rhel-7/sudo=affected,fedora-all/sudo=affected
