Lucene search

[email protected]CVE-2005-4158

HistoryDec 11, 2005 - 2:03 a.m.

CVE-2005-4158

2005-12-1102:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4158

sudo vulnerability

environment variables

perl

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Affected configurations

NVD

Node

todd_millersudoMatch1.5.6

todd_millersudoMatch1.5.7

todd_millersudoMatch1.5.8

todd_millersudoMatch1.5.9

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p1

todd_millersudoMatch1.6.3_p2

todd_millersudoMatch1.6.3_p3

todd_millersudoMatch1.6.3_p4

todd_millersudoMatch1.6.3_p5

todd_millersudoMatch1.6.3_p6

todd_millersudoMatch1.6.3_p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4_p1

todd_millersudoMatch1.6.4_p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.5_p1

todd_millersudoMatch1.6.5_p2

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.7_p5

todd_millersudoMatch1.6.8

todd_millersudoMatch1.6.8_p1

todd_millersudoMatch1.6.8_p5

todd_millersudoMatch1.6.8_p7

todd_millersudoMatch1.6.8_p8

todd_millersudoMatch1.6.8_p9

VendorProductVersionCPE
todd_millersudo1.6cpe:/a:todd_miller:sudo:1.6:::
todd_millersudo1.6.5cpe:/a:todd_miller:sudo:1.6.5:::
todd_millersudo1.6.3+p7cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_millersudo1.6.3+p4cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_millersudo1.6.7+p5cpe:/a:todd_miller:sudo:1.6.7+p5:::
todd_millersudo1.5.7cpe:/a:todd_miller:sudo:1.5.7:::
todd_millersudo1.6.7cpe:/a:todd_miller:sudo:1.6.7:::
todd_millersudo1.5.8cpe:/a:todd_miller:sudo:1.5.8:::
todd_millersudo1.6.4cpe:/a:todd_miller:sudo:1.6.4:::
todd_millersudo1.5.9cpe:/a:todd_miller:sudo:1.5.9:::

Vendor	Product	Version	CPE
todd_miller	sudo	1.6	cpe:/a:todd_miller:sudo:1.6:::
todd_miller	sudo	1.6.5	cpe:/a:todd_miller:sudo:1.6.5:::
todd_miller	sudo	1.6.3+p7	cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_miller	sudo	1.6.3+p4	cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_miller	sudo	1.6.7+p5	cpe:/a:todd_miller:sudo:1.6.7+p5:::
todd_miller	sudo	1.5.7	cpe:/a:todd_miller:sudo:1.5.7:::
todd_miller	sudo	1.6.7	cpe:/a:todd_miller:sudo:1.6.7:::
todd_miller	sudo	1.5.8	cpe:/a:todd_miller:sudo:1.5.8:::
todd_miller	sudo	1.6.4	cpe:/a:todd_miller:sudo:1.6.4:::
todd_miller	sudo	1.5.9	cpe:/a:todd_miller:sudo:1.5.9:::