Vulnerability-Lookup

CVE-2016-7076 (GCVE-0-2016-7076)

Vulnerability from cvelistv5 – Published: 2018-05-29 13:00 – Updated: 2024-08-06 01:50

Summary

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-184

Assigner

redhat

References

URL

Tags

	https://www.sudo.ws/alerts/noexec_wordexp.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2872.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/95778	vdb-entryx_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2018112…	x_refsource_CONFIRM
	https://usn.ubuntu.com/3968-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3968-3/	vendor-advisoryx_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	sudo	Affected: sudo 1.8.18p1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:46.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
          },
          {
            "name": "RHSA-2016:2872",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
          },
          {
            "name": "95778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
          },
          {
            "name": "USN-3968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3968-1/"
          },
          {
            "name": "USN-3968-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3968-3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sudo",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "sudo 1.8.18p1"
            }
          ]
        }
      ],
      "datePublic": "2016-10-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-29T17:06:19.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
        },
        {
          "name": "RHSA-2016:2872",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
        },
        {
          "name": "95778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
        },
        {
          "name": "USN-3968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3968-1/"
        },
        {
          "name": "USN-3968-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3968-3/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-7076",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sudo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "sudo 1.8.18p1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-184"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sudo.ws/alerts/noexec_wordexp.html",
              "refsource": "CONFIRM",
              "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
            },
            {
              "name": "RHSA-2016:2872",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
            },
            {
              "name": "95778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95778"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181127-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
            },
            {
              "name": "USN-3968-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3968-1/"
            },
            {
              "name": "USN-3968-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3968-3/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-7076",
    "datePublished": "2018-05-29T13:00:00.000Z",
    "dateReserved": "2016-08-23T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:50:46.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2016-7076

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7076

Aliases

CVE-2016-7076

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7076",
    "description": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
    "id": "GSD-2016-7076",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7076.html",
      "https://access.redhat.com/errata/RHSA-2016:2872",
      "https://ubuntu.com/security/CVE-2016-7076",
      "https://advisories.mageia.org/CVE-2016-7076.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-7076.html",
      "https://linux.oracle.com/cve/CVE-2016-7076.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7076"
      ],
      "details": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
      "id": "GSD-2016-7076",
      "modified": "2023-12-13T01:21:21.047749Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-7076",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "sudo",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "sudo 1.8.18p1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "[UNKNOWN]"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
          }
        ]
      },
      "impact": {
        "cvss": [
          [
            {
              "vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.0"
            }
          ],
          [
            {
              "vectorString": "6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C",
              "version": "2.0"
            }
          ]
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-184"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sudo.ws/alerts/noexec_wordexp.html",
            "refsource": "CONFIRM",
            "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
          },
          {
            "name": "RHSA-2016:2872",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
          },
          {
            "name": "95778",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95778"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20181127-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
          },
          {
            "name": "USN-3968-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3968-1/"
          },
          {
            "name": "USN-3968-3",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3968-3/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.18",
                "versionStartIncluding": "1.6.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-7076"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sudo.ws/alerts/noexec_wordexp.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
            },
            {
              "name": "95778",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95778"
            },
            {
              "name": "RHSA-2016:2872",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181127-0002/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
            },
            {
              "name": "USN-3968-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/3968-1/"
            },
            {
              "name": "USN-3968-3",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/3968-3/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-09-30T18:15Z",
      "publishedDate": "2018-05-29T13:29Z"
    }
  }
}

GHSA-V56M-9VH5-5QH5

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-29T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
  "id": "GHSA-v56m-9vh5-5qh5",
  "modified": "2022-05-13T01:15:06Z",
  "published": "2022-05-13T01:15:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7076"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181127-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3968-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3968-3"
    },
    {
      "type": "WEB",
      "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-02598

Vulnerability from cnvd - Published: 2017-03-10

Title

IBM PowerKVM命令执行漏洞

Description

IBM PowerKVM是美国IBM公司的一套专为基于POWER8技术的Linux服务器的Power扩展功能而提供的开放式虚拟化解决方案。该方案支持通过服务器虚拟化共享物理计算机的内存和I/O资源等。 IBM PowerKVM 2.1和3.1版本中存在命令执行漏洞。本地攻击者可利用该漏洞执行任意命令。

Severity

高

Patch Name

IBM PowerKVM命令执行漏洞的补丁

Patch Description

IBM PowerKVM是美国IBM公司的一套专为基于POWER8技术的Linux服务器的Power扩展功能而提供的开放式虚拟化解决方案。该方案支持通过服务器虚拟化共享物理计算机的内存和I/O资源等。 IBM PowerKVM 2.1和3.1版本中存在命令执行漏洞。本地攻击者可利用该漏洞执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=isg3T1024766

Reference

http://www.securityfocus.com/bid/95778

Impacted products

Name
['IBM PowerKVM 3.1', 'IBM PowerKVM 2.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7076",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076"
    }
  },
  "description": "IBM PowerKVM\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3a\u57fa\u4e8ePOWER8\u6280\u672f\u7684Linux\u670d\u52a1\u5668\u7684Power\u6269\u5c55\u529f\u80fd\u800c\u63d0\u4f9b\u7684\u5f00\u653e\u5f0f\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u901a\u8fc7\u670d\u52a1\u5668\u865a\u62df\u5316\u5171\u4eab\u7269\u7406\u8ba1\u7b97\u673a\u7684\u5185\u5b58\u548cI/O\u8d44\u6e90\u7b49\u3002\r\n\r\nIBM PowerKVM 2.1\u548c3.1\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=isg3T1024766",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-02598",
  "openTime": "2017-03-10",
  "patchDescription": "IBM PowerKVM\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3a\u57fa\u4e8ePOWER8\u6280\u672f\u7684Linux\u670d\u52a1\u5668\u7684Power\u6269\u5c55\u529f\u80fd\u800c\u63d0\u4f9b\u7684\u5f00\u653e\u5f0f\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u901a\u8fc7\u670d\u52a1\u5668\u865a\u62df\u5316\u5171\u4eab\u7269\u7406\u8ba1\u7b97\u673a\u7684\u5185\u5b58\u548cI/O\u8d44\u6e90\u7b49\u3002\r\n\r\nIBM PowerKVM 2.1\u548c3.1\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM PowerKVM\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM PowerKVM 3.1",
      "IBM PowerKVM 2.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95778",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-01",
  "title": "IBM PowerKVM\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2016-7076

Vulnerability from fkie_nvd - Published: 2018-05-29 13:29 - Updated: 2024-11-21 02:57

Severity ?

6.4 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2016-2872.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/95778	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076	Issue Tracking
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20181127-0002/
secalert@redhat.com	https://usn.ubuntu.com/3968-1/
secalert@redhat.com	https://usn.ubuntu.com/3968-3/
secalert@redhat.com	https://www.sudo.ws/alerts/noexec_wordexp.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2872.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95778	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20181127-0002/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3968-1/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3968-3/
af854a3a-2127-422b-91ae-364da2661108	https://www.sudo.ws/alerts/noexec_wordexp.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	sudo_project	sudo	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF5B72BD-BF72-4F3B-86E4-8C212AEC9F8F",
              "versionEndIncluding": "1.8.18",
              "versionStartIncluding": "1.6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
    },
    {
      "lang": "es",
      "value": "sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisi\u00f3n en la restricci\u00f3n noexec de sudo si la aplicaci\u00f3n que se ejecuta mediante sudo ejecuta la funci\u00f3n de la biblioteca de C wordexp() con un argumento proporcionado por el usuario. Un usuario local que pueda ejecutar tal aplicaci\u00f3n mediante sudo con la restricci\u00f3n noexec podr\u00eda emplear este error para ejecutar comandos arbitrarios con privilegios elevados."
    }
  ],
  "id": "CVE-2016-7076",
  "lastModified": "2024-11-21T02:57:24.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-29T13:29:00.210",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95778"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3968-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3968-3/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20181127-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3968-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3968-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.sudo.ws/alerts/noexec_wordexp.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-184"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7076 (GCVE-0-2016-7076)

GSD-2016-7076

GHSA-V56M-9VH5-5QH5

CNVD-2017-02598

FKIE_CVE-2016-7076

Tags

Sightings

Nomenclature