CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Published: Apr 14, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-7032
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.8.9	1.8.9.x
todd_miller / sudo	1.7.0	1.7.0.x
todd_miller / sudo	1.8.5	1.8.5.x
todd_miller / sudo	1.8.4	1.8.4.x
todd_miller / sudo	1.8.10	1.8.10.x
todd_miller / sudo	1.7.1	1.7.1.x
todd_miller / sudo	1.8.6	1.8.6.x
todd_miller / sudo	1.7.2	1.7.2.x
todd_miller / sudo	1.6.8	1.6.8.x
todd_miller / sudo	1.8.8	1.8.8.x
todd_miller / sudo	1.7.4	1.7.4.x
todd_miller / sudo	1.7.10	1.7.10.x
todd_miller / sudo	1.7.5	1.7.5.x
todd_miller / sudo	1.7.7	1.7.7.x
todd_miller / sudo	1.8.2	1.8.2.x
todd_miller / sudo	1.8.13	1.8.13.x
todd_miller / sudo	1.8.14-p3	1.8.14-p3.x
todd_miller / sudo	1.7.6	1.7.6.x
todd_miller / sudo	1.6.9	1.6.9.x
todd_miller / sudo	1.7.9	1.7.9.x
todd_miller / sudo	1.8.7	1.8.7.x
todd_miller / sudo	1.8.1	1.8.1.x
todd_miller / sudo	1.8.12	1.8.12.x
todd_miller / sudo	1.8.3	1.8.3.x
todd_miller / sudo	1.8.11	1.8.11.x
todd_miller / sudo	1.8.0	1.8.0.x
todd_miller / sudo	1.7.3	1.7.3.x
todd_miller / sudo	1.7.8	1.7.8.x

Vulnerability Database

289,599

CVE-2016-7032