Описание
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-0638
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
- http://bugs.gentoo.org/show_bug.cgi?id=79762
- http://secunia.com/advisories/14459
- http://secunia.com/advisories/14462
- http://security.gentoo.org/glsa/glsa-200503-05.xml
- http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
- http://www.debian.org/security/2005/dsa-695
- http://www.osvdb.org/14365
- http://www.redhat.com/support/errata/RHSA-2005-332.html
- http://www.securityfocus.com/archive/1/433935/30/5010/threaded
- http://www.securityfocus.com/bid/12712
EPSS
CVE ID
Связанные уязвимости
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to exe ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS