CVE-2005-4158 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-4158 Interim 1 13 2025-11-05T06:28:58Z current 2021-05-30T12:34:26Z 2025-11-05T06:28:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-4158 Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PPCCSYGV7S3XUI5X2IOXQCF4LC26BLXY/#PPCCSYGV7S3XUI5X2IOXQCF4LC26BLXY E-Mail link for SUSE-SR:2006:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 16.0 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed sudo-1.9.15p5-1.3 sudo-1.9.15p5-slfo.1.1_1.2 sudo-1.9.17p1-160000.2.2 sudo-1.9.7p2-1.4 sudo-devel-1.9.17p1-160000.2.2 sudo-devel-1.9.7p2-1.4 sudo-plugin-python-1.9.17p1-160000.2.2 sudo-plugin-python-1.9.7p2-1.4 sudo-policy-sudo-auth-self-1.9.17p1-160000.2.2 sudo-policy-wheel-auth-self-1.9.17p1-160000.2.2 sudo-test-1.9.7p2-1.4 system-group-sudo-1.9.17p1-160000.2.2 sudo-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 sudo-devel-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 sudo-plugin-python-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 sudo-policy-sudo-auth-self-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 sudo-policy-wheel-auth-self-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 system-group-sudo-1.9.17p1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 sudo-1.9.15p5-1.3 as a component of SUSE Linux Micro 6.0 sudo-1.9.15p5-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 sudo-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-devel-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-plugin-python-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-test-1.9.7p2-1.4 as a component of openSUSE Tumbleweed Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVE-2005-4158 SUSE Linux Enterprise Server 16.0:sudo-1.9.17p1-160000.2.2 SUSE Linux Enterprise Server 16.0:sudo-devel-1.9.17p1-160000.2.2 SUSE Linux Enterprise Server 16.0:sudo-plugin-python-1.9.17p1-160000.2.2 SUSE Linux Enterprise Server 16.0:sudo-policy-sudo-auth-self-1.9.17p1-160000.2.2 SUSE Linux Enterprise Server 16.0:sudo-policy-wheel-auth-self-1.9.17p1-160000.2.2 SUSE Linux Enterprise Server 16.0:system-group-sudo-1.9.17p1-160000.2.2 SUSE Linux Micro 6.0:sudo-1.9.15p5-1.3 SUSE Linux Micro 6.1:sudo-1.9.15p5-slfo.1.1_1.2 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P