Definition

gzip Argument Sanitation Vulnerability

oval:org.mitre.oval:def:1081

zgrep in gzip before 1.3.5 does not properly sanitize arguments which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Family:

unix

Status:

ACCEPTED

Platform(s):

Red Hat Enterprise Linux 3

Class:

vulnerability

Reference(s):

CVE-2005-0758

Product(s):

zgrep