Executive Summary
Summary | |
---|---|
Title | gzip utility vulnerability |
Informations | |||
---|---|---|---|
Name | USN-158-1 | First vendor Publication | 2005-08-01 |
Vendor | Ubuntu | Last vendor Modification | 2005-08-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gzip The problem can be corrected by upgrading the affected package to version 1.3.5-9ubuntu3.3 (for Ubuntu 4.10), or 1.3.5-9ubuntu3.4 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: zgrep did not handle shell metacharacters like '|' and '&' properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
Original Source
Url : http://www.ubuntu.com/usn/USN-158-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1081 | |||
Oval ID: | oval:org.mitre.oval:def:1081 | ||
Title: | gzip Argument Sanitation Vulnerability | ||
Description: | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0758 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | zgrep |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1107 | |||
Oval ID: | oval:org.mitre.oval:def:1107 | ||
Title: | gzip zgrep Sanitation Vulnerability | ||
Description: | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0758 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | gzip |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9797 | |||
Oval ID: | oval:org.mitre.oval:def:9797 | ||
Title: | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||
Description: | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0758 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 8 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-05 (gzip) File : nvt/glsa_200505_05.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-262-01 gzip File : nvt/esoft_slk_ssa_2006_262_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16371 | zgrep Unspecified Arbitrary Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-262-01.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-357.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-474.nasl - Type : ACT_GATHER_INFO |
2006-02-01 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-026.nasl - Type : ACT_GATHER_INFO |
2006-02-01 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-027.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-158-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-161-1.nasl - Type : ACT_GATHER_INFO |
2005-06-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-474.nasl - Type : ACT_GATHER_INFO |
2005-06-13 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-357.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-092.nasl - Type : ACT_GATHER_INFO |
2005-05-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-05.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:00:46 |
|