CVE-2005-4158 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-4158 Interim 1 6 2022-10-15T18:34:03Z current 2021-05-30T12:34:26Z 2022-10-15T18:34:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-4158 Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2006-01/msg00011.html E-Mail link for SUSE-SR:2006:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed sudo-1.9.7p2-1.4 sudo-devel-1.9.7p2-1.4 sudo-plugin-python-1.9.7p2-1.4 sudo-test-1.9.7p2-1.4 sudo-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-devel-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-plugin-python-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-test-1.9.7p2-1.4 as a component of openSUSE Tumbleweed Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVE-2005-4158 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P