A flaw exists in sudo’s noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp() function. Sudo versions affected: 1.6.8 through 1.8.18 inclusive. CVE ID: This vulnerability has been assigned CVE-2016-7076 in the Common Vulnerabilities and Exposures database.
