Vulnerability Name:

CVE-2005-0638 (CCN-19749)

Assigned:2005-02-18
Published:2005-02-18
Updated:2018-10-19
Summary:xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=79762

Source: MITRE
Type: CNA
CVE-2005-0638

Source: CCN
Type: RHSA-2005-332
xloadimage security update

Source: CCN
Type: SA14459
xli Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
14459

Source: CCN
Type: SA14462
Xloadimage Compressed Images Filename Shell Command Injection

Source: SECUNIA
Type: Vendor Advisory
14462

Source: GENTOO
Type: Vendor Advisory
GLSA-200503-05

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf

Source: DEBIAN
Type: Vendor Advisory
DSA-695

Source: DEBIAN
Type: DSA-694
xloadimage -- missing input sanitising

Source: DEBIAN
Type: DSA-695
xli -- buffer overflow

Source: CCN
Type: xloadimage Web page
What is Xloadimage?

Source: CCN
Type: GLSA-200503-05
xli, xloadimage: Multiple vulnerabilities

Source: OSVDB
Type: UNKNOWN
14365

Source: CCN
Type: OSVDB ID: 14365
xli Compressed Image Filename Shell Metacharacter Arbitrary Command Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2005:332

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152923

Source: BID
Type: UNKNOWN
12712

Source: CCN
Type: BID-12712
XLoadImage Compressed Image Command Execution Vulnerability

Source: CCN
Type: TLSA-2005-43
Sanitization bug

Source: XF
Type: UNKNOWN
xloadimage-gunzip-bo(19749)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10898

Source: SUSE
Type: SUSE-SR:2005:012
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:xli:xli:1.14:*:*:*:*:*:*:*
  • OR cpe:/a:xli:xli:1.15:*:*:*:*:*:*:*
  • OR cpe:/a:xli:xli:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:xli:xli:1.17:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*
  • OR cpe:/o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:spa:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20050638
    V
    		CVE-2005-0638
    2015-11-16
    oval:org.mitre.oval:def:10898
    V
    		xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
    2013-04-29
    oval:com.redhat.rhsa:def:20050332
    P
    		RHSA-2005:332: xloadimage security update (Low)
    2005-04-19
    oval:org.debian:def:694
    V
    		missing input sanitising, integer overflow
    2005-03-21
    oval:org.debian:def:695
    V
    		buffer overflow, input sanitising, integer overflow
    2005-03-21
    BACK
    xli xli 1.14
    xli xli 1.15
    xli xli 1.16
    xli xli 1.17
    altlinux alt linux 2.3
    altlinux alt linux 2.3
    suse suse linux 1.0
    suse suse linux 2.0
    suse suse linux 3.0
    suse suse linux 4.0
    suse suse linux 4.2
    suse suse linux 4.3
    suse suse linux 4.4
    suse suse linux 4.4.1
    suse suse linux 5.0
    suse suse linux 5.1
    suse suse linux 5.2
    suse suse linux 5.3
    suse suse linux 6.0
    suse suse linux 6.1
    suse suse linux 6.1 alpha
    suse suse linux 6.2
    suse suse linux 6.3
    suse suse linux 6.3
    suse suse linux 6.3 alpha
    suse suse linux 6.4
    suse suse linux 6.4
    suse suse linux 6.4
    suse suse linux 6.4 alpha
    suse suse linux 7.0
    suse suse linux 7.0
    suse suse linux 7.0
    suse suse linux 7.0
    suse suse linux 7.0 alpha
    suse suse linux 7.1
    suse suse linux 7.1
    suse suse linux 7.1
    suse suse linux 7.1
    suse suse linux 7.1 alpha
    suse suse linux 7.2
    suse suse linux 7.2
    suse suse linux 7.3
    suse suse linux 7.3
    suse suse linux 7.3
    suse suse linux 7.3
    suse suse linux 8.0
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.1
    suse suse linux 9.2
    suse suse linux 9.2
    suse suse linux 9.3