Local Command Execution in Gzip by GNU with Unsanitized Arguments
CVE-2005-0758

Currently unrated

Key Information:

Vendor

Gnu
Status
Gzip
Vendor
CVE Published:
13 May 2005

What is CVE-2005-0758?

The gzip utility, specifically the zgrep command, was found to lack proper sanitization in its argument handling, which permitted local users to execute arbitrary commands. This exploitation occurs when filenames injected into a sed script are not adequately validated. As a result, this vulnerability could allow an attacker to run arbitrary code with the privileges of the user running zgrep, potentially leading to unauthorized actions within the system. Users of affected versions are advised to upgrade to patched releases to mitigate the risk associated with this flaw.

References

http://www.ubuntu.com/usn/usn-158-1
vendor-advisoryx_refsource_UBUNTU
http://www.osvdb.org/16371
vdb-entryx_refsource_OSVDB
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2005-0758 : Local Command Execution in Gzip by GNU with Unsanitized Arguments