CVE-2005-4158
NONE EPSS 60.9%
Published Dec 11, 2005
Last Modified Jun 16, 2026
Description
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Threat Intelligence
EPSS Exploit Probability
60.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 30
| Vendor | Product | Version | Range |
|---|---|---|---|
| todd_miller | sudo | 1.5.6 | any |
| todd_miller | sudo | 1.5.7 | any |
| todd_miller | sudo | 1.5.8 | any |
| todd_miller | sudo | 1.5.9 | any |
| todd_miller | sudo | 1.6 | any |
| todd_miller | sudo | 1.6.1 | any |
| todd_miller | sudo | 1.6.2 | any |
| todd_miller | sudo | 1.6.3 | any |
| todd_miller | sudo | 1.6.3_p1 | any |
| todd_miller | sudo | 1.6.3_p2 | any |
| todd_miller | sudo | 1.6.3_p3 | any |
| todd_miller | sudo | 1.6.3_p4 | any |
| todd_miller | sudo | 1.6.3_p5 | any |
| todd_miller | sudo | 1.6.3_p6 | any |
| todd_miller | sudo | 1.6.3_p7 | any |
| todd_miller | sudo | 1.6.4 | any |
| todd_miller | sudo | 1.6.4_p1 | any |
| todd_miller | sudo | 1.6.4_p2 | any |
| todd_miller | sudo | 1.6.5 | any |
| todd_miller | sudo | 1.6.5_p1 | any |
| todd_miller | sudo | 1.6.5_p2 | any |
| todd_miller | sudo | 1.6.6 | any |
| todd_miller | sudo | 1.6.7 | any |
| todd_miller | sudo | 1.6.7_p5 | any |
| todd_miller | sudo | 1.6.8 | any |
| todd_miller | sudo | 1.6.8_p1 | any |
| todd_miller | sudo | 1.6.8_p5 | any |
| todd_miller | sudo | 1.6.8_p7 | any |
| todd_miller | sudo | 1.6.8_p8 | any |
| todd_miller | sudo | 1.6.8_p9 | any |
References 19
- secunia.com http://secunia.com/advisories/17534/
- secunia.com http://secunia.com/advisories/18102
- secunia.com http://secunia.com/advisories/18156
- secunia.com http://secunia.com/advisories/18308
- secunia.com http://secunia.com/advisories/18463
- secunia.com http://secunia.com/advisories/18549
- secunia.com http://secunia.com/advisories/18558
- secunia.com http://secunia.com/advisories/21692
- securitytracker.com http://securitytracker.com/alerts/2005/Nov/1015192.html
- debian.org http://www.debian.org/security/2006/dsa-946
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
- novell.com http://www.novell.com/linux/security/advisories/2006_02_sr.html
- securityfocus.com http://www.securityfocus.com/bid/15394
- sudo.ws http://www.sudo.ws/sudo/alerts/perl_env.html
- trustix.org http://www.trustix.org/errata/2006/0002/
- vupen.com http://www.vupen.com/english/advisories/2005/2386
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
- ubuntu.com https://www.ubuntu.com/usn/usn-235-1/
Remediation
- secunia.com http://secunia.com/advisories/17534/
- securitytracker.com http://securitytracker.com/alerts/2005/Nov/1015192.html
- securityfocus.com http://www.securityfocus.com/bid/15394
- sudo.ws http://www.sudo.ws/sudo/alerts/perl_env.html