CVE-2005-0758
Published 2005-05-13
Priority P419 · medium · 4.6 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.53%
40.7th percentile
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | >= 0 < 1.0.2-8.1 | 1.0.2-8.1 |
| bzip | bzip2 | >= 0 < 1.0.2-8.1 | 1.0.2-8.1 |
| bzip | bzip2 | >= 0 < 1.0.2-8.1 | 1.0.2-8.1 |
| bzip | bzip2 | >= 0 < 1.0.2-8.1 | 1.0.2-8.1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | bzip2 | < bzip2 1.0.2-8.1 (bookworm) | bzip2 1.0.2-8.1 (bookworm) |
| debian | gzip | < bzip2 1.0.2-8.1 (bookworm) | bzip2 1.0.2-8.1 (bookworm) |
| gnu | gzip | < 1.3.5 | 1.3.5 |
| gzip | gzip | >= 0 < 1.3.5-10 | 1.3.5-10 |
| gzip | gzip | >= 0 < 1.3.5-10 | 1.3.5-10 |
| gzip | gzip | >= 0 < 1.3.5-10 | 1.3.5-10 |
| gzip | gzip | >= 0 < 1.3.5-10 | 1.3.5-10 |
CVSS provenance
nvd · v2.0 · 4.6 · MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 · MEDIUM
vendor_debian · 4.6 · LOW
vendor_redhat · 4.6 · MEDIUM
GHSA
GHSA-gc4q-mf7x-jrrp: zgrep in gzip before 1
ghsa_unreviewed·2022-05-03
CVE-2005-0758 [MEDIUM] GHSA-gc4q-mf7x-jrrp: zgrep in gzip before 1
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
OSV
CVE-2005-0758: zgrep in gzip before 1
osv·2005-05-13·CVSS 4.6
CVE-2005-0758 [MEDIUM] CVE-2005-0758: zgrep in gzip before 1
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Ubuntu
bzip2 utility vulnerability
vendor_ubuntu·2005-08-05
CVE-2005-0758 bzip2 utility vulnerability
USN-158-1 fixed a command injection vulnerability in the "zgrep"
utility. It was determined that the "bzgrep" counterpart in the bzip2
package is vulnerable to the same flaw.
bzgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user privileges if bzgrep was run in
an untrusted directory with specially crafted file names.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
gzip utility vulnerability
vendor_ubuntu·2005-08-01
CVE-2005-0758 gzip utility vulnerability
zgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user privileges if zgrep is run in an
untrusted directory with specially crafted file names.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-04-22·CVSS 4.6
CVE-2005-0758 [MEDIUM] security flaw
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-0758: bzip2 - zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows lo...
vendor_debian·2005·CVSS 4.6
CVE-2005-0758 [MEDIUM] CVE-2005-0758: bzip2 - zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows lo...
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Scope: local
bookworm: resolved (fixed in 1.0.2-8.1)
bullseye: resolved (fixed in 1.0.2-8.1)
forky: resolved (fixed in 1.0.2-8.1)
sid: resolved (fixed in 1.0.2-8.1)
trixie: resolved (fixed in 1.0.2-8.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0758 security flaw
bugzilla·2018-08-16·CVSS 4.6
CVE-2005-0758 [MEDIUM] CVE-2005-0758 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2005-0758 bzgrep has security issue in sed usage
bugzilla·2005-06-08·CVSS 4.6
CVE-2005-0758 [MEDIUM] CVE-2005-0758 bzgrep has security issue in sed usage
+++ This bug was initially created as a clone of Bug #121514 +++
Al Viro posted to vendor-sec on Apr22:
zgrep contains the following gem:
    for i do
    [snip]
      if test $with_filename -eq 1; then
        sed_script="s|^[^:]*:|${i}:|"
      else
        sed_script="s|^|${i}:|"
      fi
      $grep $opt "$pat" | sed "$sed_script"
    [snip]
    done
Aside of the correctness issues (try to use zgrep on files with e.g.
'&' in names), it leads to obvious fun when zgrep arguments had been
obtained by globbing in an untrusted place. Even with standard sed we
have at least ;w; to deal with; for GNU sed there's also ;e;
on top of that (execute the contents of pattern space). bzgrep is no
better - it's based on zgrep.
AFAICS, there are two solutions - one is to do what *BSD had done and
ma
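An added example, not part of the bug report and not the gzip or bzip2 source: two ways to prefix grep output with a file name so that the name is never parsed as sed syntax. The function names are hypothetical; the first escapes the characters that are special in the replacement half of `s|...|...|`, the second hands the name to awk through the environment so it never becomes part of a script.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from zgrep/bzgrep.

# Escape a file name for use as the replacement text of s|...|...|.
# Special there: backslash, '&' (the whole match) and the '|' delimiter.
# A newline would terminate the s command, so such names are refused.
sed_quote_replacement() {
    case $1 in
        *'
'*) return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/[\\&|]/\\&/g'
}

# Prefix every line on stdin with "<name>:", the job the quoted loop
# gives to sed_script="s|^|${i}:|", but with the name escaped first.
prefix_lines() {
    quoted=$(sed_quote_replacement "$1") || {
        echo "refusing file name containing a newline" >&2
        return 1
    }
    sed "s|^|${quoted}:|"
}

# Alternative: do not build a script from the name at all. The name
# travels in the environment; ENVIRON[] applies no escape processing.
prefix_lines_awk() {
    NAME="$1" awk '{ print ENVIRON["NAME"] ":" $0 }'
}
```

Both functions read the matched lines on stdin and take the file name as their only argument, for example `grep pat file | prefix_lines "$i"`.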
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://rhn.redhat.com/errata/RHSA-2005-357.html
http://secunia.com/advisories/18100
http://secunia.com/advisories/19183
http://secunia.com/advisories/22033
http://secunia.com/advisories/26235
http://securitytracker.com/id?1013928
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
http://www.osvdb.org/16371
http://www.redhat.com/support/errata/RHSA-2005-474.html
http://www.securityfocus.com/bid/13582
http://www.securityfocus.com/bid/25159
http://www.ubuntu.com/usn/usn-158-1
http://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/20539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797
Published: 2005-05-13