Candidate: CVE-2016-7032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032
https://www.sudo.ws/alerts/noexec_bypass.html
https://www.sudo.ws/devel.html#1.8.15rc1
https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to
bypass intended noexec command restrictions via an application that calls
the (1) system or (2) popen function.
sarnold> I'm marking this negligible because this feature seems doomed
to failure in the general case. Any sort of memory-protection flaws
in the target process, or ability to execute system calls directly,
or programs that don't use the standard C libraries, etc. won't be
affected by this feature.
sarnold> If you rely upon this feature I suggest instead seccomp2-based
filters to disable the execve() and execveat() system calls at the
kernel interface or AppArmor (or other MAC system) to restrict which
executables can be executed.
Discovered-by: Florian Weimer
upstream: https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
upstream: https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
upstream_sudo: released (1.8.15-1)
precise_sudo: ignored (reached end-of-life)
precise/esm_sudo: needed
vivid/stable-phone-overlay_sudo: ignored (reached end-of-life)
vivid/ubuntu-core_sudo: ignored (reached end-of-life)
xenial_sudo: not-affected (1.8.16-0ubuntu1.2)
yakkety_sudo: not-affected
zesty_sudo: not-affected
artful_sudo: not-affected
bionic_sudo: not-affected
devel_sudo: not-affected