Vulnerability details: VCID-kp17-amnu-aaas
Vulnerability ID VCID-kp17-amnu-aaas
Aliases CVE-2005-4158
Summary Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Status Published
Exploitability 2.0
Weighted Severity 4.1
Risk 8.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2005-4158
epss 0.00505 https://api.first.org/data/v1/epss?cve=CVE-2005-4158
epss 0.00685 https://api.first.org/data/v1/epss?cve=CVE-2005-4158
epss 0.00798 https://api.first.org/data/v1/epss?cve=CVE-2005-4158
epss 0.01041 https://api.first.org/data/v1/epss?cve=CVE-2005-4158
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=139478
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2005-4158
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4158.json
https://api.first.org/data/v1/epss?cve=CVE-2005-4158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4158
http://secunia.com/advisories/17534/
http://secunia.com/advisories/18102
http://secunia.com/advisories/18156
http://secunia.com/advisories/18308
http://secunia.com/advisories/18463
http://secunia.com/advisories/18549
http://secunia.com/advisories/18558
http://secunia.com/advisories/21692
http://securitytracker.com/alerts/2005/Nov/1015192.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
https://www.ubuntu.com/usn/usn-235-1/
http://www.debian.org/security/2006/dsa-946
http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://www.securityfocus.com/bid/15394
http://www.sudo.ws/sudo/alerts/perl_env.html
http://www.trustix.org/errata/2006/0002/
http://www.vupen.com/english/advisories/2005/2386
139478 https://bugzilla.redhat.com/show_bug.cgi?id=139478
342948 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342948
cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
CVE-2005-4158 https://nvd.nist.gov/vuln/detail/CVE-2005-4158
CVE-2005-4158;OSVDB-20764 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/26498.txt
CVE-2005-4158;OSVDB-20764 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/27056.pl
CVE-2005-4158;OSVDB-20764 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/27057.py
CVE-2005-4158;OSVDB-20764 Exploit https://www.securityfocus.com/bid/15394/info
CVE-2005-4158;OSVDB-20764 Exploit https://www.securityfocus.com/bid/16184/info
USN-235-1 https://usn.ubuntu.com/235-1/
Data source Exploit-DB
Date added Nov. 11, 2005
Description Sudo Perl 1.6.x - Environment Variable Handling Security Bypass
Ransomware campaign use Known
Source publication date Nov. 11, 2005
Exploit type local
Platform linux
Source update date July 1, 2013
Source URL https://www.securityfocus.com/bid/15394/info
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-4158

Exploit Prediction Scoring System (EPSS)
Percentile 0.00344
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.