Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-4158

Published: 11/12/2005 Updated: 20/07/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 475
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sudo

Vulnerability Summary

Sudo prior to 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Vulnerable Product Search on Vulmon Subscribe to Product

todd miller sudo 1.5.6

todd miller sudo 1.5.7

todd miller sudo 1.6.3_p1

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.4_p2

todd miller sudo 1.6.5

todd miller sudo 1.6.8_p1

todd miller sudo 1.6.8_p5

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.6.4

todd miller sudo 1.6.4_p1

todd miller sudo 1.6.7_p5

todd miller sudo 1.6.8

todd miller sudo 1.6

todd miller sudo 1.6.1

todd miller sudo 1.6.3_p6

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.6

todd miller sudo 1.6.7

todd miller sudo 1.6.8_p9

todd miller sudo 1.5.8

todd miller sudo 1.5.9

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.5_p1

todd miller sudo 1.6.5_p2

todd miller sudo 1.6.8_p7

todd miller sudo 1.6.8_p8

Vendor Advisories

Debian CVElist Bug Report Logs: [bugtraq] Sudo version 1.6.8p9 now available, fixes security issue.
Debian Bug report logs - #315115 [bugtraq] Sudo version 168p9 now available, fixes security issue Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: Christian Hammers <ch@debianorg> Date: Mon, 20 Jun 2005 17:18:03 UTC Severity: criti ...
Debian CVElist Bug Report Logs: CVE-2005-4158: Insecure handling of PERLLIB PERL5LIB PERL5OPT environment vars
Debian Bug report logs - #342948 CVE-2005-4158: Insecure handling of PERLLIB PERL5LIB PERL5OPT environment vars Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Sun, 11 Dec 2005 21:48:02 UTC Se ...
Ubuntu Security Notice: sudo vulnerability
Charles Morris discovered a privilege escalation vulnerability in sudo On executing Perl scripts with sudo, various environment variables that affect Perl’s library search path were not cleaned properly If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the ta ...
Ubuntu Security Notice: sudo vulnerability
USN-235-1 fixed a vulnerability in sudo’s handling of environment variables Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges ...

Exploits

Exploit DB: Sudo 1.6.x - Environment Variable Handling Security Bypass (2)
source: wwwsecurityfocuscom/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution This issue is due to an error in the application when handling environment variables A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an intera ...
Exploit DB: Sudo Perl 1.6.x - Environment Variable Handling Security Bypass
source: wwwsecurityfocuscom/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored An attacker can exploit this vulnerability to byp ...
Exploit DB: Sudo 1.6.x - Environment Variable Handling Security Bypass (1)
source: wwwsecurityfocuscom/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution This issue is due to an error in the application when handling environment variables A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interact ...

References

NVD-CWE-Otherhttp://www.sudo.ws/sudo/alerts/perl_env.htmlhttp://www.securityfocus.com/bid/15394http://securitytracker.com/alerts/2005/Nov/1015192.htmlhttp://secunia.com/advisories/17534/http://secunia.com/advisories/18156http://secunia.com/advisories/18308http://www.debian.org/security/2006/dsa-946http://www.novell.com/linux/security/advisories/2006_02_sr.htmlhttp://secunia.com/advisories/18549http://secunia.com/advisories/18102http://www.trustix.org/errata/2006/0002/http://secunia.com/advisories/18558http://secunia.com/advisories/18463http://secunia.com/advisories/21692http://www.mandriva.com/security/advisories?name=MDKSA-2006:159http://www.vupen.com/english/advisories/2005/2386https://www.ubuntu.com/usn/usn-235-1/http://www.mandriva.com/security/advisories?name=MDKSA-2005:234https://exchange.xforce.ibmcloud.com/vulnerabilities/23102https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315115https://usn.ubuntu.com/235-1/https://www.exploit-db.com/exploits/27057/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook