Gzip Zgrep Arbitrary Command Execution Vulnerability
BID:13582
Info
Gzip Zgrep Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 13582 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0758 |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | Aug 01 2007 08:25PM |
| Credit: | The discoverer of this issue is unknown. |
| Vulnerable: |
Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Home Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 SP6 SGI ProPack 3.0 SP5 SGI ProPack 3.0 SGI Advanced Linux Environment 3.0 SCO Unixware 7.1.4 SCO Open Server 6.0 SCO Open Server 5.0.7 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 GNU zgrep 1.2.4 a GNU zgrep 1.2.4 F5 BIG-IP 4.6.3 F5 BIG-IP 4.6.2 F5 BIG-IP 4.6 F5 BIG-IP 4.5.12 F5 BIG-IP 4.5.11 F5 BIG-IP 4.5.10 F5 BIG-IP 4.5.9 F5 BIG-IP 4.5.6 F5 BIG-IP 4.5 F5 BIG-IP 4.4 F5 BIG-IP 4.3 F5 BIG-IP 4.2 F5 BIG-IP 4.0 F5 3-DNS 4.6.3 F5 3-DNS 4.6.2 F5 3-DNS 4.6 F5 3-DNS 4.5.12 F5 3-DNS 4.5.11 F5 3-DNS 4.5 F5 3-DNS 4.4 F5 3-DNS 4.3 F5 3-DNS 4.2 bzip2 bzip2 1.0.2 bzip2 bzip2 1.0.1 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Network Messaging Avaya Modular Messaging (MSS) 2.0 Avaya Modular Messaging (MSS) 1.1 Avaya Intuity LX Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN Avaya Converged Communications Server 2.0 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.10 Apple Mac OS X 10.3.9 |
| Not Vulnerable: |
F5 BIG-IP 4.7 F5 BIG-IP 4.5.13 F5 3-DNS 4.7 F5 3-DNS 4.5.13 |
Discussion
Gzip Zgrep Arbitrary Command Execution Vulnerability
The 'zgrep' utility is reportedly affected by an arbitrary command-execution vulnerability.
An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. Note that this issue poses a security threat only if the arguments originate from a malicious source.
This issue affects zgrep 1.2.4; other versions may be affected as well.
The 'zgrep' utility is reportedly affected by an arbitrary command-execution vulnerability.
An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. Note that this issue poses a security threat only if the arguments originate from a malicious source.
This issue affects zgrep 1.2.4; other versions may be affected as well.
Exploit / POC
Gzip Zgrep Arbitrary Command Execution Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Gzip Zgrep Arbitrary Command Execution Vulnerability
Solution:
Please see the referenced vendor advisories for details on obtaining and applying fixes.
Turbolinux Home
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.2 x86_64
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.10
Apple Mac OS X Server 10.4.10
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
MandrakeSoft Corporate Server 3.0
SGI ProPack 3.0 SP5
MandrakeSoft Corporate Server 3.0 x86_64
SCO Open Server 5.0.7
SCO Open Server 6.0
Turbolinux Turbolinux Server 7.0
SCO Unixware 7.1.4
Solution:
Please see the referenced vendor advisories for details on obtaining and applying fixes.
Turbolinux Home
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/gzip-1.3.3-7.i586.rpm
Turbolinux Appliance Server 1.0 Hosting Edition
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux Appliance Server 1.0 Hosting Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux Appliance Server 1.0 Workgroup Edition
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux Turbolinux Server 10.0
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux 10 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/gzip-1.3.3-7.i586.rpm
Turbolinux Turbolinux Desktop 10.0
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/gzip-1.3.3-7.i586.rpm
Mandriva Linux Mandrake 10.1
-
Mandriva gzip-1.2.4a-13.2.101mdk.i586.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-13.2.101mdk.src.rpm
Mandrakelinux 10.1:
http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.1 x86_64
-
Mandriva gzip-1.2.4a-13.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-13.2.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2
-
Mandriva gzip-1.2.4a-14.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-14.1.102mdk.src.rpm
Mandrakelinux 10.2:
http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2 x86_64
-
Mandriva gzip-1.2.4a-14.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-14.1.102mdk.x86_64.rpm
Mandrakelinux 10.2/X86_64:
http://www.mandriva.com/en/download
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
http://www.apple.com/support/downloads/
Apple Mac OS X 10.4.10
-
Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
http://www.apple.com/support/downloads/ -
Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.10
-
Apple SecUpdSrvr2007-007Ti.dmg For Mac OS X Server v10.4.10 (PowerPC)
http://www.apple.com/support/downloads/ -
Apple SecUpdSrvr2007-007Universal.dmg For Mac OS X Server v10.4.10 (Universal)
http://www.apple.com/support/downloads/
MandrakeSoft Corporate Server 2.1 x86_64
-
Mandriva gzip-1.2.4a-11.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-11.4.C21mdk.x86_64.rpm
Corporate Server 2.1/X86_64:
http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 2.1
-
Mandriva gzip-1.2.4a-11.4.C21mdk.i586.rpm
Corporate Server 2.1:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-11.4.C21mdk.src.rpm
Corporate Server 2.1:
http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0
-
Mandriva gzip-1.2.4a-13.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-13.2.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
SGI ProPack 3.0 SP5
-
SGI Patch 10179
SGI Advanced Linux Environment
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
MandrakeSoft Corporate Server 3.0 x86_64
-
Mandriva gzip-1.2.4a-13.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva gzip-1.2.4a-13.2.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
SCO Open Server 5.0.7
-
SCO osr507mp4_vol.tar
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
SCO Open Server 6.0
-
SCO VOL.000.000 for SCOSA-2005.59
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
Turbolinux Turbolinux Server 7.0
-
Turbolinux gzip-1.3.3-7.i586.rpm
Turbolinux 7 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/gzip-1.3.3-7.i586.rpm
SCO Unixware 7.1.4
-
SCO gzip.image
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
References
Gzip Zgrep Arbitrary Command Execution Vulnerability
References:
References:
- ASA-2005-172 - gzip security update - (RHSA-2005-357) (Avaya)
- Gzip zgrep Implementation May Let Remote Users Execute Arbitrary Commands (SecurityTracker)
- RHSA-2005:357-19 - gzip security update (RedHat)
- RHSA-2005:474-15 - bzip2 security update (RedHat)
- RHSA-2005:474-21 - bzip2 security update (RedHat)
- Solution ID: SOL4532 (F5 Software)