6 matches found
UBUNTU-CVE-2016-7076
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to...
UBUNTU-CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
DEBIAN-CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
sudo: noexec bypass via system() and popen()
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute...
sudo: noexec bypass via wordexp()
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
SUSE-SU-2016:2904-1 Security update for sudo
This update for sudo fixes the following security issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen CVE-2016-7032, bsc1007766 noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...