CVE-2005-0758

Published: 13/05/2005 Updated: 16/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

zgrep in gzip prior to 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Vulnerable Product

gnu gzip

canonical ubuntu linux 4.10

canonical ubuntu linux 5.04

Vendor Advisories

Synopsis: bzip2 security update. Type/Severity: Security Advisory: Low. Topic: Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. [Updated 13 February 2006] Replacement bzip2 packages for Red Hat Enterpris ...
Synopsis: gzip security update. Type/Severity: Security Advisory: Low. Topic: An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Description: The gzip package contains the GNU gzip data compression program. A bug ...
USN-158-1 fixed a command injection vulnerability in the “zgrep” utility. It was determined that the “bzgrep” counterpart in the bzip2 package is vulnerable to the same flaw ...
zgrep did not handle shell metacharacters like ‘|’ and ‘&’ properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names ...

Github Repositories

Phonito Security Docker Vulnerability Scanner. This action automates scanning Docker images for OS & library vulnerabilities. You will need a Phonito Security account, which you can get for free at phonitoio. Example output: Phonito Scan Complete! ============================================== 4 CVEs present image ==============================================

Free Docker Vulnerability Scanning for CI/CD integration

References

NVD-CWE-Other
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
http://secunia.com/advisories/18100
http://rhn.redhat.com/errata/RHSA-2005-357.html
http://www.ubuntu.com/usn/usn-158-1
http://www.securityfocus.com/bid/13582
http://www.osvdb.org/16371
http://securitytracker.com/id?1013928
http://www.redhat.com/support/errata/RHSA-2005-474.html
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://secunia.com/advisories/19183
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://secunia.com/advisories/22033
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
http://www.securityfocus.com/bid/25159
http://secunia.com/advisories/26235
http://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/20539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081
https://access.redhat.com/errata/RHSA-2005:474
https://nvd.nist.gov
https://usn.ubuntu.com/161-1/