CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Published: Dec 11, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4158
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.5.8	1.5.8.x
todd_miller / sudo	1.6.3_p6	1.6.3_p6.x
todd_miller / sudo	1.5.9	1.5.9.x
todd_miller / sudo	1.6.6	1.6.6.x
todd_miller / sudo	1.6.8_p7	1.6.8_p7.x
todd_miller / sudo	1.6.3	1.6.3.x
todd_miller / sudo	1.6.4_p2	1.6.4_p2.x
todd_miller / sudo	1.6.1	1.6.1.x
todd_miller / sudo	1.6.3_p5	1.6.3_p5.x
todd_miller / sudo	1.5.7	1.5.7.x
todd_miller / sudo	1.6.2	1.6.2.x
todd_miller / sudo	1.6.8	1.6.8.x
todd_miller / sudo	1.6.4_p1	1.6.4_p1.x
todd_miller / sudo	1.6.3_p2	1.6.3_p2.x
todd_miller / sudo	1.6.3_p4	1.6.3_p4.x
todd_miller / sudo	1.6.8_p9	1.6.8_p9.x
todd_miller / sudo	1.6.5_p2	1.6.5_p2.x
todd_miller / sudo	1.6.5	1.6.5.x
todd_miller / sudo	1.6.3_p3	1.6.3_p3.x
todd_miller / sudo	1.6.8_p1	1.6.8_p1.x
todd_miller / sudo	1.6.5_p1	1.6.5_p1.x
todd_miller / sudo	1.6.3_p7	1.6.3_p7.x
todd_miller / sudo	1.6	1.6.x
todd_miller / sudo	1.6.4	1.6.4.x
todd_miller / sudo	1.6.7	1.6.7.x
todd_miller / sudo	1.6.8_p5	1.6.8_p5.x
todd_miller / sudo	1.6.8_p8	1.6.8_p8.x
todd_miller / sudo	1.6.3_p1	1.6.3_p1.x
todd_miller / sudo	1.5.6	1.5.6.x
todd_miller / sudo	1.6.7_p5	1.6.7_p5.x

Vulnerability Database

289,689

CVE-2005-4158