Vulnerability CVE-2005-4158

Vulnerability Name:

CVE-2005-4158 (CCN-23102)

Assigned:

2005-11-11

Published:

2005-11-11

Updated:

2017-07-20

Summary:

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-4158

Source: MITRE
Type: CNA
CVE-2006-0151

Source: CCN
Type: SA17534
Sudo Perl Environment Cleaning Privilege Escalation Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
17534

Source: SECUNIA
Type: UNKNOWN
18102

Source: SECUNIA
Type: UNKNOWN
18156

Source: SECUNIA
Type: UNKNOWN
18308

Source: CCN
Type: SA18358
Sudo Python Environment Cleaning Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
18463

Source: SECUNIA
Type: UNKNOWN
18549

Source: SECUNIA
Type: UNKNOWN
18558

Source: SECUNIA
Type: UNKNOWN
21692

Source: SECTRACK
Type: Patch
1015192

Source: CCN
Type: SECTRACK ID: 1015192
Sudo Input Validation Flaw in Perl-related Environment Variables Lets Certain Local Users Execute Arbitrary Perl Code

Source: DEBIAN
Type: UNKNOWN
DSA-946

Source: DEBIAN
Type: DSA-946
sudo -- missing input sanitising

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:234

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:159

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:002

Source: CCN
Type: OSVDB ID: 20764
Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation

Source: CCN
Type: BID-15191
Todd Miller Sudo Local Privilege Escalation Vulnerability

Source: BID
Type: Exploit, Patch
15394

Source: CCN
Type: BID-15394
Sudo Perl Environment Variable Handling Security Bypass Vulnerability

Source: CCN
Type: BID-16184
Sudo Python Environment Variable Handling Security Bypass Vulnerability

Source: CCN
Type: About Sudo
Sudo Main Page

Source: CCN
Type: Sudo Support Web page - Original Advisory
Perl scripts run via Sudo can be subverted

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.sudo.ws/sudo/alerts/perl_env.html

Source: CCN
Type: Sudo Download Web page
Downloading Sudo

Source: TRUSTIX
Type: UNKNOWN
2006-0002

Source: CCN
Type: USN-235-1
sudo vulnerability

Source: CCN
Type: USN-235-2
sudo vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2386

Source: XF
Type: UNKNOWN
sudo-perl-execute-code(23102)

Source: XF
Type: UNKNOWN
sudo-perl-execute-code(23102)

Source: SUSE
Type: SUSE-SR:2006:002
SUSE Security Summary Report

Source: UBUNTU
Type: UNKNOWN
USN-235-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:113468	P	sudo-1.9.7p2-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106865	P	sudo-1.9.7p2-1.4 on GA media (Moderate)	2021-10-01
oval:org.debian:def:946	V	missing input sanitising	2013-01-21

BACK