CVE-2005-4158

NONE EPSS 60.9%
Published Dec 11, 2005 (20y ago) · Modified Jun 16, 2026 (2w ago)

Description

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Threat Intelligence

EPSS Exploit Probability
60.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 30

Vendor       Product  Version    Range
todd_miller  sudo     1.5.6      any
todd_miller  sudo     1.5.7      any
todd_miller  sudo     1.5.8      any
todd_miller  sudo     1.5.9      any
todd_miller  sudo     1.6        any
todd_miller  sudo     1.6.1      any
todd_miller  sudo     1.6.2      any
todd_miller  sudo     1.6.3      any
todd_miller  sudo     1.6.3_p1   any
todd_miller  sudo     1.6.3_p2   any
todd_miller  sudo     1.6.3_p3   any
todd_miller  sudo     1.6.3_p4   any
todd_miller  sudo     1.6.3_p5   any
todd_miller  sudo     1.6.3_p6   any
todd_miller  sudo     1.6.3_p7   any
todd_miller  sudo     1.6.4      any
todd_miller  sudo     1.6.4_p1   any
todd_miller  sudo     1.6.4_p2   any
todd_miller  sudo     1.6.5      any
todd_miller  sudo     1.6.5_p1   any
todd_miller  sudo     1.6.5_p2   any
todd_miller  sudo     1.6.6      any
todd_miller  sudo     1.6.7      any
todd_miller  sudo     1.6.7_p5   any
todd_miller  sudo     1.6.8      any
todd_miller  sudo     1.6.8_p1   any
todd_miller  sudo     1.6.8_p5   any
todd_miller  sudo     1.6.8_p7   any
todd_miller  sudo     1.6.8_p8   any
todd_miller  sudo     1.6.8_p9   any

References 19

  • secunia.com http://secunia.com/advisories/17534/
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18102
  • secunia.com http://secunia.com/advisories/18156
  • secunia.com http://secunia.com/advisories/18308
  • secunia.com http://secunia.com/advisories/18463
  • secunia.com http://secunia.com/advisories/18549
  • secunia.com http://secunia.com/advisories/18558
  • secunia.com http://secunia.com/advisories/21692
  • securitytracker.com http://securitytracker.com/alerts/2005/Nov/1015192.html
    Patch
  • debian.org http://www.debian.org/security/2006/dsa-946
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
  • novell.com http://www.novell.com/linux/security/advisories/2006_02_sr.html
  • securityfocus.com http://www.securityfocus.com/bid/15394
    Exploit, Patch
  • sudo.ws http://www.sudo.ws/sudo/alerts/perl_env.html
    Patch, Vendor Advisory
  • trustix.org http://www.trustix.org/errata/2006/0002/
  • vupen.com http://www.vupen.com/english/advisories/2005/2386
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
  • ubuntu.com https://www.ubuntu.com/usn/usn-235-1/

Remediation

  • secunia.com http://secunia.com/advisories/17534/
    Patch, Vendor Advisory
  • securitytracker.com http://securitytracker.com/alerts/2005/Nov/1015192.html
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/15394
    Exploit, Patch
  • sudo.ws http://www.sudo.ws/sudo/alerts/perl_env.html
    Patch, Vendor Advisory