CVE-2016-7032
sudo: noexec bypass via system() and popen()
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
It was discovered that the sudo noexec restriction could be bypassed if an application run via sudo executed the system() or popen() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use this flaw to execute arbitrary commands with elevated privileges.
The sudo packages contain the sudo utility, which allows system administrators to give certain users permission to execute privileged commands used for system management without having to log in as root.
Security Fix: It was discovered that the sudo noexec restriction could be bypassed if an application run via sudo executed the system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use these flaws to execute arbitrary commands with elevated privileges.
SSVC
- Decision: -
Timeline
- 2016-08-23 CVE Reserved
- 2016-12-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-184: Incomplete List of Disallowed Inputs
- CWE-284: Improper Access Control
References (6)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/95776 | Third Party Advisory |
https://www.sudo.ws/alerts/noexec_bypass.html | X_refsource_confirm |

URL | Date |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-2872.html | 2020-09-30 |
https://bugzilla.redhat.com/show_bug.cgi?id=1372830 | 2016-12-06 |
https://usn.ubuntu.com/3968-3 | 2020-09-30 |
https://access.redhat.com/security/cve/CVE-2016-7032 | 2016-12-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Todd Miller | Sudo | 1.6.8 | - | Affected |
Todd Miller | Sudo | 1.6.9 | - | Affected |
Todd Miller | Sudo | 1.7.0 | - | Affected |
Todd Miller | Sudo | 1.7.1 | - | Affected |
Todd Miller | Sudo | 1.7.2 | - | Affected |
Todd Miller | Sudo | 1.7.3 | - | Affected |
Todd Miller | Sudo | 1.7.4 | - | Affected |
Todd Miller | Sudo | 1.7.5 | - | Affected |
Todd Miller | Sudo | 1.7.6 | - | Affected |
Todd Miller | Sudo | 1.7.7 | - | Affected |
Todd Miller | Sudo | 1.7.8 | - | Affected |
Todd Miller | Sudo | 1.7.9 | - | Affected |
Todd Miller | Sudo | 1.7.10 | - | Affected |
Todd Miller | Sudo | 1.8.0 | - | Affected |
Todd Miller | Sudo | 1.8.1 | - | Affected |
Todd Miller | Sudo | 1.8.2 | - | Affected |
Todd Miller | Sudo | 1.8.3 | - | Affected |
Todd Miller | Sudo | 1.8.4 | - | Affected |
Todd Miller | Sudo | 1.8.5 | - | Affected |
Todd Miller | Sudo | 1.8.6 | - | Affected |
Todd Miller | Sudo | 1.8.7 | - | Affected |
Todd Miller | Sudo | 1.8.8 | - | Affected |
Todd Miller | Sudo | 1.8.9 | - | Affected |
Todd Miller | Sudo | 1.8.10 | - | Affected |
Todd Miller | Sudo | 1.8.11 | - | Affected |
Todd Miller | Sudo | 1.8.12 | - | Affected |
Todd Miller | Sudo | 1.8.13 | - | Affected |
Todd Miller | Sudo | 1.8.14 | p3 | Affected |