4.6

CVE-2005-4158

Exploit

EPSS 0.51%
Published 11.12.2005 02:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Todd Miller ≫ Sudo Version1.5.6

Todd Miller ≫ Sudo Version1.5.7

Todd Miller ≫ Sudo Version1.5.8

Todd Miller ≫ Sudo Version1.5.9

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3_p1

Todd Miller ≫ Sudo Version1.6.3_p2

Todd Miller ≫ Sudo Version1.6.3_p3

Todd Miller ≫ Sudo Version1.6.3_p4

Todd Miller ≫ Sudo Version1.6.3_p5

Todd Miller ≫ Sudo Version1.6.3_p6

Todd Miller ≫ Sudo Version1.6.3_p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4_p1

Todd Miller ≫ Sudo Version1.6.4_p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.5_p1

Todd Miller ≫ Sudo Version1.6.5_p2

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.7_p5

Todd Miller ≫ Sudo Version1.6.8

Todd Miller ≫ Sudo Version1.6.8_p1

Todd Miller ≫ Sudo Version1.6.8_p5

Todd Miller ≫ Sudo Version1.6.8_p7

Todd Miller ≫ Sudo Version1.6.8_p8

Todd Miller ≫ Sudo Version1.6.8_p9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.649

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18549

http://www.novell.com/linux/security/advisories/2006_02_sr.html

http://secunia.com/advisories/17534/

Patch

Vendor Advisory

http://secunia.com/advisories/18102

http://secunia.com/advisories/18156

http://secunia.com/advisories/18308

http://secunia.com/advisories/18463

http://secunia.com/advisories/18558

http://secunia.com/advisories/21692

http://securitytracker.com/alerts/2005/Nov/1015192.html

Patch

http://www.debian.org/security/2006/dsa-946

http://www.mandriva.com/security/advisories?name=MDKSA-2005:234

http://www.mandriva.com/security/advisories?name=MDKSA-2006:159

http://www.securityfocus.com/bid/15394

Patch

Exploit

http://www.sudo.ws/sudo/alerts/perl_env.html

Patch

Vendor Advisory

http://www.trustix.org/errata/2006/0002/

http://www.vupen.com/english/advisories/2005/2386

https://exchange.xforce.ibmcloud.com/vulnerabilities/23102

https://www.ubuntu.com/usn/usn-235-1/

https://nvd.nist.gov/vuln/detail/CVE-2005-4158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4158

EUVD