Oval Definition:oval:org.mitre.oval:def:1107
Revision Date:2005-08-18Version:3
Title:gzip zgrep Sanitation Vulnerability
Description:zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0758
Platform(s):Red Hat Enterprise Linux 3
Product(s):gzip
Definition Synopsis
  • Software section
  • Red Hat Enterprise 3 is installed
  • AND gzip RPM earlier than 0:1.3.3-12rhel3
  • AND Configuration section
  • /usr/bin/zgrep is executable by any user
    • BACK