CVE-2005-4158: Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows…

medium4.6CVSS 3.1

AVLACLAuNCPIPAP

EXPLOIT

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Affected

40 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	sudo	< sudo 1.6.8p12-1 (bookworm)	sudo 1.6.8p12-1 (bookworm)
sudo_project	sudo	>= 0 < 1.6.8p12-1	1.6.8p12-1
sudo_project	sudo	>= 0 < 1.6.8p12-1	1.6.8p12-1
sudo_project	sudo	>= 0 < 1.6.8p12-1	1.6.8p12-1
sudo_project	sudo	>= 0 < 1.6.8p12-1	1.6.8p12-1
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—
todd_miller	sudo	—	—

CVSS provenance

nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C

osv4.6MEDIUM