Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-0638
Last Modified: 21 Aug 2010 12:26:28
Published: 02 Mar 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0638

Summary

xloadimage before 4.1-r2 and xli before 1.17 allow attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Vulnerable Systems

Operating System

  • Altlinux Alt Linux 2.3

  • Suse Linux 1.0

  • Suse Linux 2.0

  • Suse Linux 3.0

  • Suse Linux 4.0

  • Suse Linux 4.2

  • Suse Linux 4.3

  • Suse Linux 4.4

  • Suse Linux 4.4.1

  • Suse Linux 5.0

  • Suse Linux 5.1

  • Suse Linux 5.2

  • Suse Linux 5.3

  • Suse Linux 6.0

  • Suse Linux 6.1

  • Suse Linux 6.2

  • Suse Linux 6.3

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Suse Linux 7.1

  • Suse Linux 7.2

  • Suse Linux 7.3

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Suse Linux 9.3

Application

  • Xli 1.14

  • Xli 1.15

  • Xli 1.16

  • Xli 1.17


References

SECUNIA - 14459

DEBIAN - DSA-695

GENTOO - GLSA-200503-05

SECUNIA - 14462

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=79762

BID - 12712

FEDORA - FLSA-2006:152923

REDHAT - RHSA-2005:332

OSVDB - 14365

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf


Last Updated: 27 May 2016 10:39:52