CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.sudo.ws/sudo/alerts/perl_env.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/15394	Exploit Patch
http://securitytracker.com/alerts/2005/Nov/1015192.html	Patch
http://secunia.com/advisories/17534/	Patch Vendor Advisory
http://secunia.com/advisories/18156
http://secunia.com/advisories/18308
http://www.debian.org/security/2006/dsa-946
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://secunia.com/advisories/18549
http://secunia.com/advisories/18102
http://www.trustix.org/errata/2006/0002/
http://secunia.com/advisories/18558
http://secunia.com/advisories/18463
http://secunia.com/advisories/21692
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
http://www.vupen.com/english/advisories/2005/2386
https://www.ubuntu.com/usn/usn-235-1/
http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
https://exchange.xforce.ibmcloud.com/vulnerabilities/23102

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:todd_miller:sudo:1.5.6:::::::*
	cpe:2.3:a:todd_miller:sudo:1.5.7:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p1:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p2:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p3:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.4_p2:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.5:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p1:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p5:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.2:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3:::::::*
	cpe:2.3:a:todd_miller:sudo:1.5.8:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p6:::::::*
	cpe:2.3:a:todd_miller:sudo:1.5.9:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.6:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p7:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.1:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p5:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.4_p1:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p4:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p9:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.5_p2:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.5_p1:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.3_p7:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.4:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.7:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p8:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.7_p5:::::::*

Information

Published : 2005-12-10 18:03

Updated : 2017-07-19 18:29

NVD link : CVE-2005-4158

Mitre link : CVE-2005-4158

JSON object : View

CWE

NVD-CWE-Other

Products Affected

todd_miller

sudo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.sudo.ws/sudo/alerts/perl_env.html", "name": "http://www.sudo.ws/sudo/alerts/perl_env.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/15394", "name": "15394", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/alerts/2005/Nov/1015192.html", "name": "1015192", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/17534/", "name": "17534", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/18156", "name": "18156", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/18308", "name": "18308", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-946", "name": "DSA-946", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html", "name": "SUSE-SR:2006:002", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/18549", "name": "18549", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/18102", "name": "18102", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.trustix.org/errata/2006/0002/", "name": "2006-0002", "tags": [], "refsource": "TRUSTIX"}, {"url": "http://secunia.com/advisories/18558", "name": "18558", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/18463", "name": "18463", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21692", "name": "21692", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159", "name": "MDKSA-2006:159", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.vupen.com/english/advisories/2005/2386", "name": "ADV-2005-2386", "tags": [], "refsource": "VUPEN"}, {"url": "https://www.ubuntu.com/usn/usn-235-1/", "name": "USN-235-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234", "name": "MDKSA-2005:234", "tags": [], "refsource": "MANDRAKE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102", "name": "sudo-perl-execute-code(23102)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4158", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-12-11T02:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}

4.6 /10