Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-11T02:00:00
Updated: 2024-08-07T23:38:50.845Z
Reserved: 2005-12-11T00:00:00
Link: CVE-2005-4158
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-11T02:03:00.000
Modified: 2024-11-21T00:03:35.340
Link: CVE-2005-4158
Redhat