Gzip Zgrep Arbitrary Command Execution Vulnerability

Bugtraq ID: 13582
Class: Input Validation Error
CVE: CVE-2005-0758
Remote: Yes
Local: No
Published: May 10 2005 12:00AM
Updated: Aug 01 2007 08:25PM
Credit: The discoverer of this issue is unknown.
Vulnerable: Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
SGI ProPack 3.0 SP5
SGI ProPack 3.0
SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
SCO Open Server 6.0
SCO Open Server 5.0.7
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenPKG OpenPKG Stable
OpenPKG OpenPKG E1.0-Solid
OpenPKG OpenPKG Current
OpenPKG OpenPKG 2-Stable-20061018
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU zgrep 1.2.4 a
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU zgrep 1.2.4
F5 BigIP 4.6.3
F5 BigIP 4.6.2
F5 BigIP 4.6
F5 BigIP 4.5.12
F5 BigIP 4.5.11
F5 BigIP 4.5.10
F5 BigIP 4.5.9
F5 BigIP 4.5.6
F5 BigIP 4.5
F5 BigIP 4.4
F5 BigIP 4.3
F5 BigIP 4.2
F5 BigIP 4.0
F5 3-DNS 4.6.3
F5 3-DNS 4.6.2
F5 3-DNS 4.6
F5 3-DNS 4.5.12
F5 3-DNS 4.5.11
F5 3-DNS 4.5
F5 3-DNS 4.4
F5 3-DNS 4.3
F5 3-DNS 4.2
bzip2 bzip2 1.0.2
bzip2 bzip2 1.0.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- Trustix Secure Linux 1.5
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Network Messaging
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya Intuity LX
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.10
Apple Mac OS X 10.3.9
Not Vulnerable: F5 BigIP 4.7
F5 BigIP 4.5.13
F5 3-DNS 4.7
F5 3-DNS 4.5.13


 

Privacy Statement
Copyright 2010, SecurityFocus