FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- Potential bypass of via wordexp()

Affected packages
1.6.8 <= sudo < 1.8.18p1


VuXML ID 2e4fbc9a-9d23-11e6-a298-14dae9d210b8
Discovery 2016-10-28
Entry 2016-10-28

Todd C. Miller reports:

A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp() function.


CVE Name CVE-2016-7076