CVE-2005-0758

Severity

46%

Complexity

39%

Confidentiality

106%

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago

2005-05-13 04:00:00

Last updated 5 years ago

2019-10-16 20:01:00

Affected Software

GNU Gzip

Canonical Ubuntu Linux 4.10

4.10

Canonical Ubuntu Linux 5.04

5.04

References

SCOSA-2005.58

Third Party Advisory

20060301-01-U

Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=90626

Third Party Advisory

http://docs.info.apple.com/article.html?artnum=306172

Third Party Advisory

APPLE-SA-2007-07-31

Mailing List, Third Party Advisory

RHSA-2005:357

Third Party Advisory

18100

Third Party Advisory

19183

Third Party Advisory

22033

Third Party Advisory

26235

Third Party Advisory

1013928

Third Party Advisory, VDB Entry

SSA:2006-262

Third Party Advisory

FLSA:158801

Broken Link, Permissions Required

GLSA-200505-05

Patch, Third Party Advisory

MDKSA-2006:026

Third Party Advisory

MDKSA-2006:027

Third Party Advisory

OpenPKG-SA-2007.002

Third Party Advisory

16371

Broken Link

RHSA-2005:474

Third Party Advisory

13582

Third Party Advisory, VDB Entry

25159

Third Party Advisory, VDB Entry

USN-158-1

Third Party Advisory

ADV-2007-2732

Third Party Advisory

gzip-zgrep-file-installation(20539)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:1081

Third Party Advisory

oval:org.mitre.oval:def:1107

Third Party Advisory

oval:org.mitre.oval:def:9797

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.