Back to search
CVE-2005-0758
Published: May 13, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-158-1
vendor-advisory
x_refsource_UBUNTU
16371
vdb-entry
x_refsource_OSVDB
FLSA:158801
vendor-advisory
x_refsource_FEDORA
ADV-2007-2732
vdb-entry
x_refsource_VUPEN
MDKSA-2006:027
vendor-advisory
x_refsource_MANDRIVA
22033
third-party-advisory
x_refsource_SECUNIA
RHSA-2005:357
vendor-advisory
x_refsource_REDHAT
APPLE-SA-2007-07-31
vendor-advisory
x_refsource_APPLE
OpenPKG-SA-2007.002
vendor-advisory
x_refsource_OPENPKG
oval:org.mitre.oval:def:9797
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:1107
vdb-entry
signature
x_refsource_OVAL
gzip-zgrep-file-installation(20539)
vdb-entry
x_refsource_XF
http://docs.info.apple.com/article.html?artnum=306172
x_refsource_CONFIRM
GLSA-200505-05
vendor-advisory
x_refsource_GENTOO
25159
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:1081
vdb-entry
signature
x_refsource_OVAL
13582
vdb-entry
x_refsource_BID
18100
third-party-advisory
x_refsource_SECUNIA
SSA:2006-262
vendor-advisory
x_refsource_SLACKWARE
19183
third-party-advisory
x_refsource_SECUNIA
1013928
vdb-entry
x_refsource_SECTRACK
MDKSA-2006:026
vendor-advisory
x_refsource_MANDRIVA
RHSA-2005:474
vendor-advisory
x_refsource_REDHAT
http://bugs.gentoo.org/show_bug.cgi?id=90626
x_refsource_MISC
26235
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now