CVEs-PoC/2016/CVE-2016-7076.md

### [CVE-2016-7076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076)
![](https://img.shields.io/static/v1?label=Product&message=sudo&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=sudo%201.8.18p1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-184&color=brightgreen)

### Description

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

### POC

#### Reference
- https://usn.ubuntu.com/3968-3/

#### Github
No PoCs found on GitHub currently.