Upstream information
Description
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.6 |
Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2006:002, published Fri, 20 Jan 2006 15:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Micro 6.0 |
| Patchnames: SUSE Linux Enterprise Micro 6.0 GA sudo-1.9.15p5-1.3 |
SUSE Linux Enterprise Micro 6.1 |
| Patchnames: SUSE Linux Enterprise Micro 6.1 GA sudo-1.9.15p5-slfo.1.1_1.2 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11413 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:40:23 2013CVE page last modified: Sat Nov 23 13:10:58 2024