Information Disclosure Vulnerability in Default Sudo Configuration

Information Disclosure Vulnerability in Default Sudo Configuration

CVE-2016-7091 · MEDIUM Severity

AV:L/AC:L/AU:N/C:C/I:N/A:N

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.