CVE-2005-4158

Related Files

Mandriva Linux Security Advisory 2006.159

Posted Sep 7, 2006

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-159 - Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made available.

tags | advisory

systems | linux, mandriva

advisories | CVE-2005-4158, CVE-2006-0151

SHA-256 | f86071435472415301e61cdb8b22e129f5252ec85ef47195a520ed43c6fc516a

Download | Favorite | View

Ubuntu Security Notice 235-2

Posted Jan 10, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-235-2 - USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges.

tags | advisory, python

systems | linux, ubuntu

advisories | CVE-2005-4158

SHA-256 | 9364621ca1386d4eb6039a9c6fc2ed92b24f6445ebcca81ce0c878381741b487

Download | Favorite | View

Ubuntu Security Notice 235-1

Posted Jan 8, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-235-1 - Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the target user.

tags | advisory, arbitrary, perl

systems | linux, ubuntu

advisories | CVE-2005-4158

SHA-256 | 744baaea5401a092c998c606b7d1fa20aca64e1740e0b9e77e2af64c6bc75d26

Download | Favorite | View