CVE-2005-4158

Publication date 11 December 2005

Last updated 24 July 2024

Ubuntu priority

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sudo	7.04 feisty	Fixed 1.6.8p12-1ubuntu6
	6.10 edgy	Fixed 1.6.8p12-1ubuntu6
	6.06 LTS dapper	Fixed 1.6.8p12-1ubuntu6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-235-1
sudo vulnerability
6 January 2006

USN-235-2
sudo vulnerability
9 January 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2005-4158