9 matches found
FreeBSD Ports: xli
The remote host is missing an update to the system as announced in the referenced advisory. VID 310d0087-0fde-4929-a41f-96f17c5adffe OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
Fedora Core 2 : xloadimage-4.1-34.FC2 (2005-236)
This update fixes CVE-2005-0638, a problem in the parsing of shell metacharacters in filenames. It also fixes bugs in handling of malformed TIFF and PBM/PNM/PPM issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
RHEL 4 : xloadimage (RHSA-2005:332)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:332 advisory. The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
CVE-2005-0638 affects xloadimage (and xli) where filenames are not properly quoted when invoking gunzip, allowing shell metacharacter injection and arbitrary command execution when a malformed filename is processed. The issue impacts xloadimage prior to version 4.1-r2 and xli prior to 1.17, acros...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...