fkie_cve-2005-4158
Vulnerability from fkie_nvd
Published
2005-12-11 02:03
Modified
2024-11-21 00:03
Severity
4.6 (MEDIUM), CVSS v2.0 vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Summary
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
References
cve@mitre.org: http://secunia.com/advisories/17534/ (Patch, Vendor Advisory)
cve@mitre.org: http://secunia.com/advisories/18102
cve@mitre.org: http://secunia.com/advisories/18156
cve@mitre.org: http://secunia.com/advisories/18308
cve@mitre.org: http://secunia.com/advisories/18463
cve@mitre.org: http://secunia.com/advisories/18549
cve@mitre.org: http://secunia.com/advisories/18558
cve@mitre.org: http://secunia.com/advisories/21692
cve@mitre.org: http://securitytracker.com/alerts/2005/Nov/1015192.html (Patch)
cve@mitre.org: http://www.debian.org/security/2006/dsa-946
cve@mitre.org: http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
cve@mitre.org: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
cve@mitre.org: http://www.novell.com/linux/security/advisories/2006_02_sr.html
cve@mitre.org: http://www.securityfocus.com/bid/15394 (Exploit, Patch)
cve@mitre.org: http://www.sudo.ws/sudo/alerts/perl_env.html (Patch, Vendor Advisory)
cve@mitre.org: http://www.trustix.org/errata/2006/0002/
cve@mitre.org: http://www.vupen.com/english/advisories/2005/2386
cve@mitre.org: https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
cve@mitre.org: https://www.ubuntu.com/usn/usn-235-1/
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/17534/ (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18102
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18156
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18308
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18463
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18549
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/18558
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/21692
af854a3a-2127-422b-91ae-364da2661108: http://securitytracker.com/alerts/2005/Nov/1015192.html (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2006/dsa-946
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
af854a3a-2127-422b-91ae-364da2661108: http://www.novell.com/linux/security/advisories/2006_02_sr.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/15394 (Exploit, Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.sudo.ws/sudo/alerts/perl_env.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.trustix.org/errata/2006/0002/
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2005/2386
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
af854a3a-2127-422b-91ae-364da2661108: https://www.ubuntu.com/usn/usn-235-1/
Impacted products
Vendor Product Version
todd_miller sudo 1.5.6
todd_miller sudo 1.5.7
todd_miller sudo 1.5.8
todd_miller sudo 1.5.9
todd_miller sudo 1.6
todd_miller sudo 1.6.1
todd_miller sudo 1.6.2
todd_miller sudo 1.6.3
todd_miller sudo 1.6.3_p1
todd_miller sudo 1.6.3_p2
todd_miller sudo 1.6.3_p3
todd_miller sudo 1.6.3_p4
todd_miller sudo 1.6.3_p5
todd_miller sudo 1.6.3_p6
todd_miller sudo 1.6.3_p7
todd_miller sudo 1.6.4
todd_miller sudo 1.6.4_p1
todd_miller sudo 1.6.4_p2
todd_miller sudo 1.6.5
todd_miller sudo 1.6.5_p1
todd_miller sudo 1.6.5_p2
todd_miller sudo 1.6.6
todd_miller sudo 1.6.7
todd_miller sudo 1.6.7_p5
todd_miller sudo 1.6.8
todd_miller sudo 1.6.8_p1
todd_miller sudo 1.6.8_p5
todd_miller sudo 1.6.8_p7
todd_miller sudo 1.6.8_p8
todd_miller sudo 1.6.8_p9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
    }
  ],
  "id": "CVE-2005-4158",
  "lastModified": "2024-11-21T00:03:35.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-11T02:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17534/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18156"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18558"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15394"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2006/0002/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-235-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17534/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2006/0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-235-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "We do not consider this to be a security issue.\nhttp:bugzilla.redhat.combugzillashow_bug.cgi?id=139478#c1",
      "lastModified": "2008-01-24T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

