4.6

CVE-2005-4158

Exploit
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Todd MillerSudo Version1.5.6
Todd MillerSudo Version1.5.7
Todd MillerSudo Version1.5.8
Todd MillerSudo Version1.5.9
Todd MillerSudo Version1.6
Todd MillerSudo Version1.6.1
Todd MillerSudo Version1.6.2
Todd MillerSudo Version1.6.3
Todd MillerSudo Version1.6.3_p1
Todd MillerSudo Version1.6.3_p2
Todd MillerSudo Version1.6.3_p3
Todd MillerSudo Version1.6.3_p4
Todd MillerSudo Version1.6.3_p5
Todd MillerSudo Version1.6.3_p6
Todd MillerSudo Version1.6.3_p7
Todd MillerSudo Version1.6.4
Todd MillerSudo Version1.6.4_p1
Todd MillerSudo Version1.6.4_p2
Todd MillerSudo Version1.6.5
Todd MillerSudo Version1.6.5_p1
Todd MillerSudo Version1.6.5_p2
Todd MillerSudo Version1.6.6
Todd MillerSudo Version1.6.7
Todd MillerSudo Version1.6.7_p5
Todd MillerSudo Version1.6.8
Todd MillerSudo Version1.6.8_p1
Todd MillerSudo Version1.6.8_p5
Todd MillerSudo Version1.6.8_p7
Todd MillerSudo Version1.6.8_p8
Todd MillerSudo Version1.6.8_p9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.08% 0.606
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18549
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://secunia.com/advisories/17534/
Patch
Vendor Advisory
http://secunia.com/advisories/18102
http://secunia.com/advisories/18156
http://secunia.com/advisories/18308
http://secunia.com/advisories/18463
http://secunia.com/advisories/18558
http://secunia.com/advisories/21692
http://securitytracker.com/alerts/2005/Nov/1015192.html
Patch
http://www.debian.org/security/2006/dsa-946
http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
http://www.securityfocus.com/bid/15394
Patch
Exploit
http://www.sudo.ws/sudo/alerts/perl_env.html
Patch
Vendor Advisory
http://www.trustix.org/errata/2006/0002/
http://www.vupen.com/english/advisories/2005/2386
https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
https://www.ubuntu.com/usn/usn-235-1/