CVE-2005-0638

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

References

http://bugs.gentoo.org/show_bug.cgi?id=79762

http://secunia.com/advisories/14459

http://secunia.com/advisories/14462

http://security.gentoo.org/glsa/glsa-200503-05.xml

http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf

http://www.debian.org/security/2005/dsa-695

http://www.osvdb.org/14365

http://www.redhat.com/support/errata/RHSA-2005-332.html

http://www.securityfocus.com/archive/1/433935/30/5010/threaded

http://www.securityfocus.com/bid/12712

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898

Details

Source: MITRE

Published: 2005-03-02

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:xli:xli:1.14:*:*:*:*:*:*:*

cpe:2.3:a:xli:xli:1.15:*:*:*:*:*:*:*

cpe:2.3:a:xli:xli:1.16:*:*:*:*:*:*:*

cpe:2.3:a:xli:xli:1.17:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*

cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
67025CentOS 3 : xloadimage (CESA-2005:332-01)NessusCentOS Local Security Checks
high
21924CentOS 3 / 4 : xloadimage (CESA-2005:332)NessusCentOS Local Security Checks
high
19629Fedora Core 3 : xloadimage-4.1-34.FC3 (2005-237)NessusFedora Local Security Checks
high
18892FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)NessusFreeBSD Local Security Checks
high
18317Fedora Core 2 : xloadimage-4.1-34.FC2 (2005-236)NessusFedora Local Security Checks
high
18106Mandrake Linux Security Advisory : xli (MDKSA-2005:076)NessusMandriva Local Security Checks
high
18093RHEL 2.1 / 3 / 4 : xloadimage (RHSA-2005:332)NessusRed Hat Local Security Checks
high
17601Mandrake Linux Security Advisory : MySQL (MDKSA-2005:060)NessusMandriva Local Security Checks
high
17578Debian DSA-695-1 : xli - buffer overflow, input sanitising, integer overflowNessusDebian Local Security Checks
high
17577Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflowNessusDebian Local Security Checks
high
17261GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high