Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:2872
HistoryDec 06, 2016 - 9:43 a.m.

(RHSA-2016:2872) Moderate: sudo security update

2016-12-0609:43:08
access.redhat.com
49

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

  • It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).

OSVersionArchitecturePackageVersionFilename
RedHat7s390sudo-debuginfo<ย 1.8.6p7-21.el7_3sudo-debuginfo-1.8.6p7-21.el7_3.s390.rpm
RedHat7ppc64sudo-debuginfo<ย 1.8.6p7-21.el7_3sudo-debuginfo-1.8.6p7-21.el7_3.ppc64.rpm
RedHat6ppcsudo-debuginfo<ย 1.8.6p3-25.el6_8sudo-debuginfo-1.8.6p3-25.el6_8.ppc.rpm
RedHat6ppc64sudo-debuginfo<ย 1.8.6p3-25.el6_8sudo-debuginfo-1.8.6p3-25.el6_8.ppc64.rpm
RedHat7ppc64lesudo-devel<ย 1.8.6p7-21.el7_3sudo-devel-1.8.6p7-21.el7_3.ppc64le.rpm
RedHat6s390xsudo-devel<ย 1.8.6p3-25.el6_8sudo-devel-1.8.6p3-25.el6_8.s390x.rpm
RedHat6s390xsudo<ย 1.8.6p3-25.el6_8sudo-1.8.6p3-25.el6_8.s390x.rpm
RedHat7x86_64sudo-debuginfo<ย 1.8.6p7-21.el7_3sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
RedHat6ppc64sudo-devel<ย 1.8.6p3-25.el6_8sudo-devel-1.8.6p3-25.el6_8.ppc64.rpm
RedHat7ppc64lesudo-debuginfo<ย 1.8.6p7-21.el7_3sudo-debuginfo-1.8.6p7-21.el7_3.ppc64le.rpm
Rows per page:
1-10 of 371

Related

openvas 15
debian 1
nessus 25
ibm 5
centos 1
osv 3
ubuntu 2
oraclelinux 1
ubuntucve 2
amazon 1
f5 1
redhatcve 2
freebsd 1
prion 2
fedora 3
debiancve 2
cvelist 2
veracode 2
mageia 1
nvd 2
cve 2
cloudfoundry 1
openvas
openvas
CentOS Update for sudo CESA-2016:2872 centos7
2017-06-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2891-1)
2021-06-09 00:00:00
RedHat Update for sudo RHSA-2016:2872-01
2016-12-07 00:00:00
debian
debian
[SECURITY] [DLA 707-1] sudo security update
2016-11-14 19:56:05
nessus
nessus
EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1004)
2017-05-01 00:00:00
Oracle Linux 6 / 7 : sudo (ELSA-2016-2872)
2016-12-07 00:00:00
OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)
2016-12-07 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo.
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in sudo affect PowerKVM
2018-06-18 01:34:46
Security Bulletin: Multiple vulnerabilities in expat, nss,ย  bind ,ย  policycoreutils, sudo shipped withย  SmartCloud Entryย Appliance
2020-07-19 00:49:12
centos
centos
sudo security update
2016-12-07 03:43:16
osv
osv
sudo - security update
2016-11-14 00:00:00
sudo vulnerabilities
2020-09-28 12:54:26
CVE-2016-7076
2018-05-29 13:29:00
ubuntu
ubuntu
Sudo vulnerabilities
2020-09-28 00:00:00
Sudo vulnerabilities
2019-05-06 00:00:00
oraclelinux
oraclelinux
sudo security update
2016-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2016-7076
2018-05-29 00:00:00
CVE-2016-7032
2017-04-14 00:00:00
amazon
amazon
Medium: sudo
2017-01-04 17:00:00
f5
f5
K49229034 : Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077
2017-06-26 00:00:00
redhatcve
redhatcve
CVE-2016-7032
2016-10-27 19:47:40
CVE-2016-7076
2016-10-27 19:47:35
freebsd
freebsd
sudo -- Potential bypass of sudo_noexec.so via wordexp()
2016-10-28 00:00:00
prion
prion
Design/Logic Flaw
2018-05-29 13:29:00
Command injection
2017-04-14 18:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: sudo-1.8.18p1-1.fc25
2016-11-19 22:13:00
[SECURITY] Fedora 23 Update: sudo-1.8.18p1-1.fc23
2016-11-25 07:24:28
[SECURITY] Fedora 24 Update: sudo-1.8.18p1-1.fc24
2016-11-11 20:53:34
debiancve
debiancve
CVE-2016-7032
2017-04-14 18:59:00
CVE-2016-7076
2018-05-29 13:29:00
cvelist
cvelist
CVE-2016-7076
2018-05-29 13:00:00
CVE-2016-7032
2017-04-14 18:00:00
veracode
veracode
Privilege Escalation
2019-05-02 06:07:50
Authorization Bypass
2019-01-15 09:14:59
mageia
mageia
Updated sudo packages fix security vulnerability
2016-11-18 02:40:52
nvd
nvd
CVE-2016-7076
2018-05-29 13:29:00
CVE-2016-7032
2017-04-14 18:59:00
cve
cve
CVE-2016-7076
2018-05-29 13:29:00
CVE-2016-7032
2017-04-14 18:59:00
cloudfoundry
cloudfoundry
USN-3968-1: Sudo vulnerabilities | Cloud Foundry
2019-05-20 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for RHSA-2016:2872
openvas15debian1nessus25ibm5centos1osv3ubuntu2oraclelinux1ubuntucve2amazon1f51redhatcve2freebsd1prion2fedora3debiancve2cvelist2veracode2mageia1nvd2cve2cloudfoundry1