Lucene search

[email protected]CVE-2005-0758

HistoryMay 13, 2005 - 4:00 a.m.

CVE-2005-0758

2005-05-1304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zgrep

vulnerability

gzip

command injection

nvd

cve-2005-0758

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.2%

JSON

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CPENameOperatorVersion
gnu:gzipgnu gziplt1.3.5
canonical:ubuntu_linuxcanonical ubuntu linuxeq4.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq5.04

CPE	Name	Operator	Version
gnu:gzip	gnu gzip	lt	1.3.5
canonical:ubuntu_linux	canonical ubuntu linux	eq	4.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	5.04

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt

ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc

bugs.gentoo.org/show_bug.cgi?id=90626

docs.info.apple.com/article.html?artnum=306172

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

rhn.redhat.com/errata/RHSA-2005-357.html

secunia.com/advisories/18100

secunia.com/advisories/19183

secunia.com/advisories/22033

secunia.com/advisories/26235

securitytracker.com/id?1013928

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html

www.gentoo.org/security/en/glsa/glsa-200505-05.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:026

www.mandriva.com/security/advisories?name=MDKSA-2006:027

www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html

www.osvdb.org/16371

www.redhat.com/support/errata/RHSA-2005-474.html

www.securityfocus.com/bid/13582

www.securityfocus.com/bid/25159

www.ubuntu.com/usn/usn-158-1

www.vupen.com/english/advisories/2007/2732

exchange.xforce.ibmcloud.com/vulnerabilities/20539

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for CVE-2005-0758

nessus12 ubuntu2 securityvulns2 debiancve1 ubuntucve1 altlinux2 redhat2 centos4 gentoo1 openvas4 f52 slackware1 seebug1