CVE-2005-4158 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-4158
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-4158

Description: Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23102 UBUNTU http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000266.html TRUSTIX http://www.trustix.org/errata/2006/0002/ SUSE http://www.novell.com/linux/security/advisories/2006_02_sr.html ST 1015192 SAID Secunia Advisory: SA18549 Secunia Advisory: SA18156 Secunia Advisory: SA17534 Secunia Advisory: SA18308 Secunia Advisory: SA18102 Secunia Advisory: SA18558 Secunia Advisory: SA18463 Secunia Advisory: SA21692 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:159 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:234 MANDRAKE http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:234 DEBIAN http://www.debian.org/security/2006/dsa-946 CONFIRM http://www.sudo.ws/sudo/alerts/perl_env.html BID 15394

Return to the previous page.