VDB
CVE-2005-4158
CVE-2005-4158
PUBLISHED
Reported by mitre · Published December 11, 2005
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, * |
Exploit Intelligence
- http://www.securityfocus.com/bid/15394 (vulncheck-nvd)
Timeline
- Dec 11, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- MDKSA-2005:234 vendor-advisoryx_refsource_MANDRAKE
- 18549 third-party-advisoryx_refsource_SECUNIA
- sudo-perl-execute-code(23102) vdb-entryx_refsource_XF
- 18558 third-party-advisoryx_refsource_SECUNIA
- 2006-0002 vendor-advisoryx_refsource_TRUSTIX
- 18463 third-party-advisoryx_refsource_SECUNIA
- 18308 third-party-advisoryx_refsource_SECUNIA
- ADV-2005-2386 vdb-entryx_refsource_VUPEN
- 15394 vdb-entryx_refsource_BID
- 18156 third-party-advisoryx_refsource_SECUNIA
- 18102 third-party-advisoryx_refsource_SECUNIA
- USN-235-1 vendor-advisoryx_refsource_UBUNTU
- SUSE-SR:2006:002 vendor-advisoryx_refsource_SUSE
- DSA-946 vendor-advisoryx_refsource_DEBIAN
- 1015192 vdb-entryx_refsource_SECTRACK
- MDKSA-2006:159 vendor-advisoryx_refsource_MANDRIVA
- 21692 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- 17534 third-party-advisoryx_refsource_SECUNIA