FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- Potential bypass of sudo_noexec.so via wordexp()

Affected packages
1.6.8 <= sudo < 1.8.18p1

Details

VuXML ID 2e4fbc9a-9d23-11e6-a298-14dae9d210b8
Discovery 2016-10-28
Entry 2016-10-28

Todd C. Miller reports:

A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp() function.

[source]

References

CVE Name CVE-2016-7076
URL https://www.sudo.ws/alerts/noexec_wordexp.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.