Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-11T02:00:00

Updated: 2024-08-07T23:38:50.845Z

Reserved: 2005-12-11T00:00:00

Link: CVE-2005-4158

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-12-11T02:03:00.000

Modified: 2024-11-21T00:03:35.340

Link: CVE-2005-4158

cve-icon Redhat

Severity : Low

Publid Date: 2004-11-11T00:00:00Z

Links: CVE-2005-4158 - Bugzilla