
Scientific Linux: SLSA-2016:2872-1 Moderate: Sudo Permissions Exploit

Moderate: sudo security update
Date: Wed, 14 Dec 2016 18:20:55 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: sudo on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20161214182055.15408.61995@slpackages.fnal.gov>

Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2016:2872-1
Issue Date: 2016-12-06
CVE Numbers: CVE-2016-7032
 CVE-2016-7076
--

Security Fix(es):

* It was discovered that the sudo noexec restriction could have been
bypassed if an application run via sudo executed the system(), popen(), or
wordexp() C library functions with a user-supplied argument. A local user
permitted to run such an application via sudo with the noexec restriction could
use these flaws to execute arbitrary commands with elevated privileges.
(CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).
--

SL6
 x86_64
 sudo-1.8.6p3-25.el6_8.x86_64.rpm
 sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
 sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
 sudo-devel-1.8.6p3-25.el6_8.i686.rpm
 sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm
 i386
 sudo-1.8.6p3-25.el6_8.i686.rpm
 sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
 sudo-devel-1.8.6p3-25.el6_8.i686.rpm
SL7
 x86_64
 sudo-1.8.6p7-21.el7_3.x86_64.rpm
 sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
 sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
 sudo-devel-1.8.6p7-21.el7_3.i686.rpm
 sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

- Scientific Linux Development Team
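
To scope exposure to the noexec bypass described above, the following added example (not part of the advisory or of any Scientific Linux tooling) lists the sudoers lines that rely on noexec and compares a sudo version-release string with the fixed builds listed above. The function names and the sample sudoers content are constructed for illustration.

```shell
# Added example, not part of the advisory. Function names are hypothetical.

# Fixed builds, copied from the advisory's package list.
FIXED_EL6="1.8.6p3-25.el6_8"
FIXED_EL7="1.8.6p7-21.el7_3"

# Print file:line: text for each active sudoers line that relies on noexec:
# a NOEXEC: command tag or a "Defaults ... noexec" setting. Comments, "!noexec"
# and other setting names such as noexec_file are skipped. Continuation lines
# are checked one physical line at a time.
noexec_rules() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#([^0-9]|$)/ { next }   # comment or #include, not a #uid
            /(^|[^A-Z])NOEXEC[ \t]*:/ ||
            (/^[ \t]*Defaults/ && /[ \t,]noexec([ \t,]|$)/) {
                print file ":" NR ": " $0
            }' "$f"
    done
}

# sudo_build_status VERSION-RELEASE  ->  fixed | older | unknown
# Compares only the leading release number, and only when the upstream version
# equals the advisory's build for that distribution; otherwise "unknown".
sudo_build_status() {
    case "$1" in
        *.el6*) fixed=$FIXED_EL6 ;;
        *.el7*) fixed=$FIXED_EL7 ;;
        *) echo unknown; return ;;
    esac
    [ "${1%%-*}" = "${fixed%%-*}" ] || { echo unknown; return; }
    have=${1#*-}; have=${have%%.*}
    want=${fixed#*-}; want=${want%%.*}
    case "$have" in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$have" -ge "$want" ]; then echo fixed; else echo older; fi
}

# Constructed sample sudoers content (not from a real host).
sample_sudoers() {
    cat <<'EOF'
# NOEXEC: appears only in this comment
Defaults:backup noexec
Defaults !noexec
alice ALL = NOEXEC: /usr/bin/less
bob   ALL = (root) /usr/bin/systemctl restart httpd
EOF
}
```

On a host, run `noexec_rules /etc/sudoers /etc/sudoers.d/*` and `sudo_build_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}' sudo)"`; an "unknown" result means the installed version differs from the advisory's builds and needs a manual comparison.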
