Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2005-4158
Last Modified 07 Mar 2011 09:27:47
Published 10 Dec 2005 09:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4158

Summary

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.5.6

  • Todd Miller Sudo 1.5.7

  • Todd Miller Sudo 1.5.8

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.7 P5

  • Todd Miller Sudo 1.6.8

  • Todd Miller Sudo 1.6.8 P1

  • Todd Miller Sudo 1.6.8 P5

  • Todd Miller Sudo 1.6.8 P7

  • Todd Miller Sudo 1.6.8 P8

  • Todd Miller Sudo 1.6.8 P9


References

XF - sudo-perl-execute-code(23102)

CONFIRM - http://www.sudo.ws/sudo/alerts/perl_env.html

BID - 15394

SECTRACK - 1015192

SECUNIA - 17534

VUPEN - ADV-2005-2386

MANDRIVA - MDKSA-2005:234

TRUSTIX - 2006-0002

SUSE - SUSE-SR:2006:002

MANDRIVA - MDKSA-2006:159

DEBIAN - DSA-946

SECUNIA - 21692

SECUNIA - 18558

SECUNIA - 18549

SECUNIA - 18463

SECUNIA - 18308

SECUNIA - 18156

SECUNIA - 18102

UBUNTU - USN-235-1


Last Updated: 27 May 2016 10:41:12