Executive Summary

Informations
Name CVE-2016-7032 First vendor Publication 2017-04-14
Vendor Cve Last vendor Modification 2020-09-30

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7
Base Score 7 Environmental Score 7
impact SubScore 5.9 Temporal Score 7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-284 Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

Nessus® Vulnerability Scanner

Date Description
2017-07-14 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2016-2872.nasl - Type : ACT_GATHER_INFO
2017-05-31 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2017-0110.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1004.nasl - Type : ACT_GATHER_INFO
2017-01-05 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-780.nasl - Type : ACT_GATHER_INFO
2016-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161206_sudo_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-12-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2872.nasl - Type : ACT_GATHER_INFO
2016-12-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2872.nasl - Type : ACT_GATHER_INFO
2016-12-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0170.nasl - Type : ACT_GATHER_INFO
2016-12-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2872.nasl - Type : ACT_GATHER_INFO
2016-12-06 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1402.nasl - Type : ACT_GATHER_INFO
2016-12-05 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1381.nasl - Type : ACT_GATHER_INFO
2016-11-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2891-1.nasl - Type : ACT_GATHER_INFO
2016-11-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2893-1.nasl - Type : ACT_GATHER_INFO
2016-11-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2904-1.nasl - Type : ACT_GATHER_INFO
2016-11-23 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1343.nasl - Type : ACT_GATHER_INFO
2016-11-15 Name : The remote Debian host is missing a security update.
File : debian_DLA-707.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/95776
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1372830
https://www.sudo.ws/alerts/noexec_bypass.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2872.html
UBUNTU https://usn.ubuntu.com/3968-3/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:54:03
  • Multiple Updates
2021-04-22 02:06:19
  • Multiple Updates
2020-10-01 00:22:44
  • Multiple Updates
2020-05-23 00:53:01
  • Multiple Updates
2018-01-05 09:23:55
  • Multiple Updates
2017-07-15 13:25:44
  • Multiple Updates
2017-06-01 13:24:59
  • Multiple Updates
2017-05-02 13:24:37
  • Multiple Updates
2017-04-25 09:23:19
  • Multiple Updates
2017-04-15 00:21:00
  • First insertion