Sudo noexec bypass via system() and popen() (CVE-2016-7032)

Key Vulnerability Information Vulnerability ID: Bug 1372830 (CVE-2016-7032) Title: Sudo: noexec bypass via system() and popen() Report Date: 2016-09-02 19:56 UTC Status: Closed ERRATA Keywords: Security Affected Products: Security Response Affected Components: vulnerability Version: Unspecified Hardware: All Operating System: Linux Priority: Medium Severity: Medium Fixed Version: sudo 1.8.15 Related Links: https://www.sudo.ws/devel.html#1.8.15rc1 https://www.sudo.ws/repos/sudo/rev/58a5c06b5257 https://www.sudo.ws/repos/sudo/rev/a826cd7787e9 Key Issue Description: This vulnerability describes a bypass of the noexec feature in sudo via the system() and popen() functions, potentially leading to security risks. When sudo is compiled with noexec support, the noexec flag prevents dynamically linked executables from running further commands. However, filtering DSOs does not intercept all glibc functions that allow spawning shells, such as popen, system, and wordexp. The fix involves setting up a seccomp filter to block execve calls within DSOs, but this approach is only applicable on Red Hat Enterprise Linux 7 or later. The fix has been incorporated into sudo version 1.8.15 and resolved in the corresponding products. Public Disclosure: The vulnerability information was disclosed via upstream announcement. External References: https://www.sudo.ws/alerts/noexec_bypass.html

Goal Reached Thanks to every supporter — we hit 100%!

Sudo noexec bypass via system() and popen() (CVE-2016-7032)