[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0758Date: (C)2005-05-13   (M)2023-12-22


zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1013928
BID-13582
OSVDB-16371
SECUNIA-18100
SECUNIA-19183
20060301-01-U
SECUNIA-22033
BID-25159
SECUNIA-26235
ADV-2007-2732
APPLE-SA-2007-07-31
FLSA:158801
GLSA-200505-05
MDKSA-2006:026
MDKSA-2006:027
OpenPKG-SA-2007.002
RHSA-2005:357
RHSA-2005:474
SCOSA-2005.58
SSA:2006-262
USN-158-1
gzip-zgrep-file-installation(20539)
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://docs.info.apple.com/article.html?artnum=306172
oval:org.mitre.oval:def:1081
oval:org.mitre.oval:def:1107
oval:org.mitre.oval:def:9797

CPE    3
cpe:/o:canonical:ubuntu_linux:4.10
cpe:/o:canonical:ubuntu_linux:5.04
cpe:/a:gnu:gzip

© SecPod Technologies