Detections
Analytics

CVE-2005-4158

high

Description

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

References

https://www.ubuntu.com/usn/usn-235-1/

https://exchange.xforce.ibmcloud.com/vulnerabilities/23102

http://www.vupen.com/english/advisories/2005/2386

http://www.trustix.org/errata/2006/0002/

http://www.sudo.ws/sudo/alerts/perl_env.html

http://www.novell.com/linux/security/advisories/2006_02_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:159

http://www.mandriva.com/security/advisories?name=MDKSA-2005:234

http://www.debian.org/security/2006/dsa-946

http://securitytracker.com/alerts/2005/Nov/1015192.html

http://secunia.com/advisories/21692

http://secunia.com/advisories/18558

http://secunia.com/advisories/18549

http://secunia.com/advisories/18463

http://secunia.com/advisories/18308

http://secunia.com/advisories/18156

http://secunia.com/advisories/18102

http://secunia.com/advisories/17534/

Details

Source: Mitre, NVD

Published: 2005-12-11

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High