Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0758

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-0758
Last Modified 07 Mar 2011 09:20:32
Published 13 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0758

Summary

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Vulnerable Systems

Application

  • Gnu Gzip


References

GENTOO - GLSA-200505-05

XF - gzip-zgrep-file-installation(20539)

VUPEN - ADV-2007-2732

UBUNTU - USN-158-1

BID - 13582

REDHAT - RHSA-2005:474

OSVDB - 16371

FEDORA - FLSA:158801

SECTRACK - 1013928

SECUNIA - 19183

SECUNIA - 18100

REDHAT - RHSA-2005:357

MISC - http://bugs.gentoo.org/show_bug.cgi?id=90626

SGI - 20060301-01-U

SCO - SCOSA-2005.58

BID - 25159

OPENPKG - OpenPKG-SA-2007.002

MANDRIVA - MDKSA-2006:027

MANDRIVA - MDKSA-2006:026

SLACKWARE - SSA:2006-262

SECUNIA - 26235

SECUNIA - 22033

APPLE - APPLE-SA-2007-07-31

CONFIRM - http://docs.info.apple.com/article.html?artnum=306172

Related Patches

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server Universal) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Universal) (Rev 2)


Last Updated: 27 May 2016 10:39:55