Arbitrary Command Injection Affecting sudo Open this link in a new tab package, versions <1.8.9p5-1ubuntu1.5+esm5

  • Attack Complexity


  • Confidentiality


  • Integrity


  • Availability


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

How to fix?

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm5 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See How to fix? for Ubuntu:14.04 relevant versions.

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.