Charles Morris

**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.6.8 p12 **Description** The issue allows limited local users to cause a Perl script to include and execute arbitrary library files. This is due to the failure to clear certain environment variables when the Perl taint flag is off. The variables `PERLLIB`, `PERL5LIB`, and `PERL5OPT` are not cleared, enabling the inclusion and execution of arbitrary library files with the same name as library files included by the script. **Recommendations** For Sudo versions prior to 1.6.8 p12, update to version 1.6.8 p12 or later to resolve the issue. As a temporary workaround, consider setting the Perl taint flag to on to mitigate the risk of exploitation. Restrict access to the environment variables `PERLLIB`, `PERL5LIB`, and `PERL5OPT` to minimize the risk of arbitrary library file execution.