Vulnerability Details : CVE-2005-4158
Potential exploit
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Products affected by CVE-2005-4158
- cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4158
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4158
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
Vendor statements for CVE-2005-4158
-
Red Hat 2008-01-24We do not consider this to be a security issue. http:bugzilla.redhat.combugzillashow_bug.cgi?id=139478#c1
References for CVE-2005-4158
-
http://secunia.com/advisories/17534/
About Secunia Research | FlexeraPatch;Vendor Advisory
-
http://www.novell.com/linux/security/advisories/2006_02_sr.html
404 Page Not Found | SUSE
-
http://secunia.com/advisories/18549
About Secunia Research | Flexera
-
http://www.sudo.ws/sudo/alerts/perl_env.html
Perl scripts run via Sudo can be subverted | SudoPatch;Vendor Advisory
-
http://secunia.com/advisories/18102
About Secunia Research | Flexera
-
http://secunia.com/advisories/18156
About Secunia Research | Flexera
-
https://www.ubuntu.com/usn/usn-235-1/
USN-235-1: sudo vulnerability | Ubuntu security notices | Ubuntu
-
http://www.vupen.com/english/advisories/2005/2386
Site en construction
-
http://secunia.com/advisories/18463
About Secunia Research | Flexera
-
http://www.trustix.org/errata/2006/0002/
Trustix | Empowering Trust and Security in the Digital Age
-
http://secunia.com/advisories/21692
About Secunia Research | Flexera
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
Debian sudo perl variables allow execution of arbitrary code CVE-2006-0151 Vulnerability Report
-
http://www.securityfocus.com/bid/15394
Exploit;Patch
-
http://secunia.com/advisories/18308
About Secunia Research | Flexera
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
Mandriva
-
http://secunia.com/advisories/18558
About Secunia Research | Flexera
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
Mandriva
-
http://www.debian.org/security/2006/dsa-946
Debian -- The Universal Operating System
-
http://securitytracker.com/alerts/2005/Nov/1015192.html
Access DeniedPatch
Jump to