PT-2005-4857 · Todd Miller · Sudo

Charles Morris · Published 2005-12-11 · Updated 2024-06-15 · CVE-2005-4158

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sudo versions prior to 1.6.8 p12

Description

The issue allows limited local users to cause a Perl script to include and execute arbitrary library files. This is due to the failure to clear certain environment variables when the Perl taint flag is off. The variables PERLLIB, PERL5LIB, and PERL5OPT are not cleared, enabling the inclusion and execution of arbitrary library files with the same name as library files included by the script.

Recommendations

For Sudo versions prior to 1.6.8 p12, update to version 1.6.8 p12 or later to resolve the issue. As a temporary workaround, consider setting the Perl taint flag to on to mitigate the risk of exploitation. Restrict access to the environment variables PERLLIB, PERL5LIB, and PERL5OPT to minimize the risk of arbitrary library file execution.
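To support the recommendation to restrict these variables, the following added example (not part of the advisory or the Sudo project) audits sudoers text for settings that would let PERLLIB, PERL5LIB, or PERL5OPT reach a command run through sudo. It assumes the sudoers `Defaults` options `env_keep` and `env_delete`, which the advisory does not mention; the function names and the sample sudoers content are constructed for illustration.

```python
import fnmatch
import re

# The three variables the advisory says affected sudo versions fail to clear.
PERL_VARS = ("PERLLIB", "PERL5LIB", "PERL5OPT")

# One list setting inside a Defaults line, e.g.  env_keep += "LANG PERL5LIB"
LIST_RE = re.compile(
    r'\b(env_keep|env_delete)\s*(\+=|-=|=)\s*(?:"([^"]*)"|([^\s,]+))')

def _matched(entries):
    """Perl variables covered by the list entries ('*' wildcards allowed)."""
    names = [e.split("=", 1)[0] for e in entries.split()]
    return sorted(v for v in PERL_VARS
                  if any(fnmatch.fnmatchcase(v, n) for n in names))

def audit_sudoers(text):
    """Return (line_number, reason) for each risky Defaults setting.
    Simplification: backslash line continuations are not joined."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line.startswith("Defaults"):
            continue
        for opt, op, quoted, bare in LIST_RE.findall(line):
            hit = ", ".join(_matched(quoted or bare))
            if hit and opt == "env_keep" and op != "-=":
                # Variable is explicitly preserved for the target command.
                findings.append((num, "env_keep preserves " + hit))
            elif hit and opt == "env_delete" and op == "-=":
                # Variable is taken off the list of variables sudo removes.
                findings.append((num, "env_delete no longer strips " + hit))
    return findings

# Constructed sample sudoers content (not from the advisory).
SAMPLE = '''\
Defaults env_reset
Defaults env_keep += "LANG LC_* PERL5LIB"
Defaults:backup env_keep = PERL5OPT
Defaults env_delete -= "PERL*"
Defaults env_keep -= "PERL5OPT"
# Defaults env_keep += "PERLLIB"
'''

if __name__ == "__main__":
    for num, reason in audit_sudoers(SAMPLE):
        print(f"line {num}: {reason}")
```
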

Related Identifiers

CVE-2005-4158
DSA-946-2
OPENSUSE-SU-2024:11413-1

Affected Products

Sudo