Vulnerability Name: CVE-2005-0758 (CCN-20539)
Assigned: 2005-04-22
Published: 2005-04-22
Updated: 2019-10-16
Summary: zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: SCO Type: Third Party Advisory SCOSA-2005.58
Source: SGI Type: Third Party Advisory 20060301-01-U
Source: CCN Type: Bugzilla Bug 90626 app-arch/gzip zgrep issue (CAN-2005-0758)
Source: MISC Type: Third Party Advisory http://bugs.gentoo.org/show_bug.cgi?id=90626
Source: MITRE Type: CNA CVE-2005-0758
Source: CCN Type: Apple Security Update 2007-007 About Security Update 2007-007
Source: CONFIRM Type: Third Party Advisory http://docs.info.apple.com/article.html?artnum=306172
Source: CCN Type: Apple Web site Apple security updates
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2007-07-31
Source: CCN Type: RHSA-2005-357 gzip security update
Source: REDHAT Type: Third Party Advisory RHSA-2005:357
Source: CCN Type: RHSA-2005-474 bzip2 security update
Source: SECUNIA Type: Third Party Advisory 18100
Source: SECUNIA Type: Third Party Advisory 19183
Source: SECUNIA Type: Third Party Advisory 22033
Source: CCN Type: SA26235 Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 26235
Source: CCN Type: SECTRACK ID: 1013928 Gzip zgrep Implementation May Let Remote Users Execute Arbitrary Commands
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1013928
Source: SLACKWARE Type: Third Party Advisory SSA:2006-262
Source: CCN Type: ASA-2006-040 Gzip Multiple Vulnerabilities (SCOSA-2005.58)
Source: FEDORA Type: Broken Link, Permissions Required FLSA:158801
Source: CCN Type: GLSA-200505-05 gzip: Multiple vulnerabilities
Source: GENTOO Type: Patch, Third Party Advisory GLSA-200505-05
Source: CCN Type: gzip Home page The gzip home page
Source: MANDRIVA Type: Third Party Advisory MDKSA-2006:026
Source: MANDRIVA Type: Third Party Advisory MDKSA-2006:027
Source: CCN Type: OpenPKG-SA-2007.002 bzip2
Source: OPENPKG Type: Third Party Advisory OpenPKG-SA-2007.002
Source: OSVDB Type: Broken Link 16371
Source: CCN Type: OSVDB ID: 16371 zgrep Unspecified Arbitrary Command Execution
Source: REDHAT Type: Third Party Advisory RHSA-2005:474
Source: BID Type: Third Party Advisory, VDB Entry 13582
Source: CCN Type: BID-13582 Gzip Zgrep Arbitrary Command Execution Vulnerability
Source: BID Type: Third Party Advisory, VDB Entry 25159
Source: CCN Type: BID-25159 Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
Source: CCN Type: TLSA-2005-59 Multiple vulnerabilities exist in gzip
Source: CCN Type: USN-158-1 gzip utility vulnerability
Source: UBUNTU Type: Third Party Advisory USN-158-1
Source: CCN Type: USN-161-1 bzip2 utility vulnerability
Source: VUPEN Type: Third Party Advisory ADV-2007-2732
Source: XF Type: Third Party Advisory, VDB Entry gzip-zgrep-file-installation(20539)
Source: XF Type: UNKNOWN gzip-zgrep-bzgrep-code-execution(20539)
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1081
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1107
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:9797
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Configuration CCN 1: