CVE-2005-4158
sudo - missing input sanitising
EPSS 0.83%
Description
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
How to fix CVE-2005-4158
To remediate CVE-2005-4158, upgrade the affected package to a fixed version below.
- Debian/sudo—upgrade to 1.6.8p12-1 or later
- Debian/sudo—upgrade to 1.6.6-1.6 or later
Is CVE-2005-4158 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.8p12-1
- from 0, < 1.6.6-1.6