Information Disclosure Vulnerability in Default Sudo Configuration
CVE-2016-7091 · MEDIUM Severity
AV:L/AC:L/AU:N/C:C/I:N/A:N
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.