Vulnerability-Lookup

CVE-2005-0758 (GCVE-0-2005-0758)

Vulnerability from cvelistv5 – Published: 2005-05-13 08:00 – Updated: 2024-08-07 21:28

Summary

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.ubuntu.com/usn/usn-158-1	vendor-advisoryx_refsource_UBUNTU
	http://www.osvdb.org/16371	vdb-entryx_refsource_OSVDB
	http://www.fedoralegacy.org/updates/FC2/2005-11-1…	vendor-advisoryx_refsource_FEDORA
	http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/22033	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2005-357.html	vendor-advisoryx_refsource_REDHAT
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.openpkg.com/security/advisories/OpenPK…	vendor-advisoryx_refsource_OPENPKG
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-20050…	vendor-advisoryx_refsource_GENTOO
	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005…	vendor-advisoryx_refsource_SCO
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/13582	vdb-entryx_refsource_BID
	http://secunia.com/advisories/18100	third-party-advisoryx_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://secunia.com/advisories/19183	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1013928	vdb-entryx_refsource_SECTRACK
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.redhat.com/support/errata/RHSA-2005-474.html	vendor-advisoryx_refsource_REDHAT
	http://bugs.gentoo.org/show_bug.cgi?id=90626	x_refsource_MISC
	http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:28:27.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-158-1"
          },
          {
            "name": "16371",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16371"
          },
          {
            "name": "FLSA:158801",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
          },
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "MDKSA-2006:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
          },
          {
            "name": "22033",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22033"
          },
          {
            "name": "RHSA-2005:357",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "OpenPKG-SA-2007.002",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9797",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
          },
          {
            "name": "oval:org.mitre.oval:def:1107",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
          },
          {
            "name": "gzip-zgrep-file-installation(20539)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "GLSA-200505-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
          },
          {
            "name": "SCOSA-2005.58",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
          },
          {
            "name": "20060301-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "oval:org.mitre.oval:def:1081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
          },
          {
            "name": "13582",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13582"
          },
          {
            "name": "18100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18100"
          },
          {
            "name": "SSA:2006-262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
          },
          {
            "name": "19183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19183"
          },
          {
            "name": "1013928",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013928"
          },
          {
            "name": "MDKSA-2006:026",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
          },
          {
            "name": "RHSA-2005:474",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-09T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T04:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-158-1"
        },
        {
          "name": "16371",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16371"
        },
        {
          "name": "FLSA:158801",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
        },
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "MDKSA-2006:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
        },
        {
          "name": "22033",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22033"
        },
        {
          "name": "RHSA-2005:357",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "OpenPKG-SA-2007.002",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9797",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
        },
        {
          "name": "oval:org.mitre.oval:def:1107",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
        },
        {
          "name": "gzip-zgrep-file-installation(20539)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "GLSA-200505-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
        },
        {
          "name": "SCOSA-2005.58",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
        },
        {
          "name": "20060301-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "oval:org.mitre.oval:def:1081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
        },
        {
          "name": "13582",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13582"
        },
        {
          "name": "18100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18100"
        },
        {
          "name": "SSA:2006-262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
        },
        {
          "name": "19183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19183"
        },
        {
          "name": "1013928",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013928"
        },
        {
          "name": "MDKSA-2006:026",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
        },
        {
          "name": "RHSA-2005:474",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-0758",
    "datePublished": "2005-05-13T08:00:00.000Z",
    "dateReserved": "2005-03-17T05:00:00.000Z",
    "dateUpdated": "2024-08-07T21:28:27.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2005-0758

Vulnerability from fkie_nvd - Published: 2005-05-13 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

References

URL	Tags
secalert@redhat.com	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt	Third Party Advisory
secalert@redhat.com	ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc	Third Party Advisory
secalert@redhat.com	http://bugs.gentoo.org/show_bug.cgi?id=90626	Third Party Advisory
secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=306172	Third Party Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2005-357.html	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/18100	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/19183	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/22033	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/26235	Third Party Advisory
secalert@redhat.com	http://securitytracker.com/id?1013928	Third Party Advisory, VDB Entry
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852	Third Party Advisory
secalert@redhat.com	http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html	Broken Link, Permissions Required
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml	Patch, Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:026	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:027	Third Party Advisory
secalert@redhat.com	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html	Third Party Advisory
secalert@redhat.com	http://www.osvdb.org/16371	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2005-474.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/13582	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/25159	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-158-1	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/2732	Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/20539	Third Party Advisory, VDB Entry
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=90626	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2005-357.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18100	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19183	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22033	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013928	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html	Broken Link, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:026	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:027	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/16371	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-474.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13582	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-158-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/20539	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797	Third Party Advisory

Impacted products

Vendor	Product	Version
gnu	gzip	*
canonical	ubuntu_linux	4.10
canonical	ubuntu_linux	5.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63ECC611-944C-43B6-A57C-443C413ECC13",
              "versionEndExcluding": "1.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "42E47538-08EE-4DC1-AC17-883C44CF77BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
    }
  ],
  "id": "CVE-2005-0758",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-13T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/18100"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/19183"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/22033"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1013928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Permissions Required"
      ],
      "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/16371"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/13582"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-158-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/18100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/19183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/22033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1013928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Permissions Required"
      ],
      "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/16371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/13582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-158-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis - Published: 2007-08-01 - Updated: 2007-08-01

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

GSD-2005-0758

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Aliases

CVE-2005-0758

Aliases

CVE-2005-0758

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-0758",
    "description": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.",
    "id": "GSD-2005-0758",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-0758.html",
      "https://access.redhat.com/errata/RHSA-2005:474",
      "https://access.redhat.com/errata/RHSA-2005:357"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-0758"
      ],
      "details": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.",
      "id": "GSD-2005-0758",
      "modified": "2023-12-13T01:20:08.347845Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2005-0758",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/22033",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22033"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306172",
            "refsource": "MISC",
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "http://secunia.com/advisories/26235",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "name": "http://www.securityfocus.com/bid/25159",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/2732",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt",
            "refsource": "MISC",
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
          },
          {
            "name": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc",
            "refsource": "MISC",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
          },
          {
            "name": "http://bugs.gentoo.org/show_bug.cgi?id=90626",
            "refsource": "MISC",
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2005-357.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
          },
          {
            "name": "http://secunia.com/advisories/18100",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18100"
          },
          {
            "name": "http://secunia.com/advisories/19183",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/19183"
          },
          {
            "name": "http://securitytracker.com/id?1013928",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1013928"
          },
          {
            "name": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html",
            "refsource": "MISC",
            "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
          },
          {
            "name": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html",
            "refsource": "MISC",
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
          },
          {
            "name": "http://www.osvdb.org/16371",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/16371"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2005-474.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/13582",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/13582"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-158-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-158-1"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2005-0758"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200505-05",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=90626",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
            },
            {
              "name": "FLSA:158801",
              "refsource": "FEDORA",
              "tags": [
                "Broken Link",
                "Permissions Required"
              ],
              "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
            },
            {
              "name": "SCOSA-2005.58",
              "refsource": "SCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
            },
            {
              "name": "18100",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/18100"
            },
            {
              "name": "RHSA-2005:357",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
            },
            {
              "name": "USN-158-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-158-1"
            },
            {
              "name": "13582",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/13582"
            },
            {
              "name": "16371",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/16371"
            },
            {
              "name": "1013928",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1013928"
            },
            {
              "name": "RHSA-2005:474",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
            },
            {
              "name": "20060301-01-U",
              "refsource": "SGI",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
            },
            {
              "name": "19183",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/19183"
            },
            {
              "name": "SSA:2006-262",
              "refsource": "SLACKWARE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
            },
            {
              "name": "22033",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/22033"
            },
            {
              "name": "OpenPKG-SA-2007.002",
              "refsource": "OPENPKG",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "MDKSA-2006:026",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
            },
            {
              "name": "MDKSA-2006:027",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "gzip-zgrep-file-installation(20539)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
            },
            {
              "name": "oval:org.mitre.oval:def:9797",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
            },
            {
              "name": "oval:org.mitre.oval:def:1107",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
            },
            {
              "name": "oval:org.mitre.oval:def:1081",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-10-16T20:01Z",
      "publishedDate": "2005-05-13T04:00Z"
    }
  }
}

GHSA-GC4Q-MF7X-JRRP

Vulnerability from github – Published: 2022-05-03 03:14 – Updated: 2022-05-03 03:14

Details

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-0758"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-13T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.",
  "id": "GHSA-gc4q-mf7x-jrrp",
  "modified": "2022-05-03T03:14:04Z",
  "published": "2022-05-03T03:14:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0758"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18100"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19183"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22033"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1013928"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
    },
    {
      "type": "WEB",
      "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
    },
    {
      "type": "WEB",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/16371"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/13582"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-158-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-0758 (GCVE-0-2005-0758)

FKIE_CVE-2005-0758

CERTA-2007-AVI-340

Description

Solution

GSD-2005-0758

GHSA-GC4Q-MF7X-JRRP

Tags

Sightings

Nomenclature