| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in sudo up to 1.8.18. It has been rated as critical. The impacted element is the function system of the component noexec. This manipulation causes command injection.
The identification of this vulnerability is CVE-2016-7076. The attack can only be executed locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability classified as critical was found in sudo up to 1.8.18 (Operating System Utility Software). Affected by this vulnerability is the function system of the component noexec. The manipulation with an unknown input leads to a command injection vulnerability. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
The bug was discovered 12/06/2016. The weakness was shared 05/29/2018 (Website). It is possible to read the advisory at rhn.redhat.com. This vulnerability is known as CVE-2016-7076 since 08/23/2016. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.
The vulnerability was handled as a non-public zero-day exploit for at least 32 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 99851 (EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1004)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Huawei Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 197451 (Ubuntu Security Notification for Sudo Vulnerabilities (USN-3968-1)).
Applying the patch 1.8.18p1 is able to eliminate this problem. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (99851) and SecurityFocus (BID 95778†). The entry VDB-101975 is related to this item. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
- 1.8.0
- 1.8.1
- 1.8.2
- 1.8.3
- 1.8.4
- 1.8.5
- 1.8.6
- 1.8.7
- 1.8.8
- 1.8.9
- 1.8.10
- 1.8.11
- 1.8.12
- 1.8.13
- 1.8.14
- 1.8.15
- 1.8.16
- 1.8.17
- 1.8.18
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 6.4
CNA Vector (Red Hat, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Command injectionCWE: CWE-77 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 99851
Nessus Name: EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1004)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 881932
OpenVAS Name: CentOS Update for sudo CESA-2016:2872 centos7
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: 1.8.18p1
Timeline
08/23/2016 🔍12/06/2016 🔍
01/07/2017 🔍
01/25/2017 🔍
05/01/2017 🔍
05/29/2018 🔍
05/29/2018 🔍
05/29/2018 🔍
03/17/2023 🔍
Sources
Advisory: RHSA-2016:2872Status: Confirmed
Confirmation: 🔍
CVE: CVE-2016-7076 (🔍)
GCVE (CVE): GCVE-0-2016-7076
GCVE (VulDB): GCVE-100-118279
SecurityFocus: 95778 - IBM PowerKVM CVE-2016-7076 Local Command Execution Vulnerability
See also: 🔍
Entry
Created: 05/30/2018 00:05Updated: 03/17/2023 13:11
Changes: 05/30/2018 00:05 (76), 02/09/2020 11:41 (5), 03/17/2023 13:05 (4), 03/17/2023 13:11 (12)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.