ID

VAR-200505-1436


CVE

CVE-2005-0758


TITLE

gzip of zgrep Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2005-000228

DESCRIPTION

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ GNU zip (gzip) Is a utility that compresses and decompresses files. grep Run zgrep Or unzip the compressed file gunzip Each tool is packaged. Gzip 1.2.4 Previously, there were several security issues: 1) gzip 1.2.4 Included before zgrep There is a problem that does not properly sanitize arguments. (CAN-2005-0758) Details are currently unknown, but local attackers who exploit this issue zgrep An arbitrary command may be executed by passing an intentional file name to. 2) gzip 1.2.4 Previously, when decompressing a compressed file, there was a problem that caused a race condition between writing the decompressed file and changing permissions. (CAN-2005-0988) A local attacker who exploits this issue could alter the permissions of an arbitrary file by replacing the decompressed file with a hard link to the arbitrary file at a specific time. 3) gzip 1.2.4 Included before gunzip Is -N When decompressing a compressed file with a flag, there is a problem that the validity of the file name is not properly checked. (CAN-2005-1228) A remote attacker who exploits this issue ".." Send a compressed file that is a compressed file containing an intentional character string to the target user gzip Inducing a directory traversal attack by inducing unpacking with.Please refer to the “Overview” for the impact of this vulnerability. The 'zgrep' utility is reportedly affected by an arbitrary command-execution vulnerability. An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. Note that this issue poses a security threat only if the arguments originate from a malicious source. This issue affects zgrep 1.2.4; other versions may be affected as well. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: gzip Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA15047 VERIFY ADVISORY: http://secunia.com/advisories/15047/ CRITICAL: Less critical IMPACT: System access WHERE: >From remote SOFTWARE: gzip 1.x http://secunia.com/product/4220/ DESCRIPTION: Ulf H\xe4rnhammar has reported a vulnerability in gzip, which potentially can be exploited by malicious people to compromise a user's system. This makes it possible to have a file extracted to an arbitrary location outside the current directory via directory traversal attacks. The vulnerability has been reported in version 1.2.4, 1.2.4a, 1.3.3, 1.3.4 and 1.3.5. SOLUTION: Do not extract untrusted ".gz" files with the "-N" flag. PROVIDED AND/OR DISCOVERED BY: Ulf H\xe4rnhammar ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200505-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: gzip: Multiple vulnerabilities Date: May 09, 2005 Bugs: #89946, #90626 ID: 200505-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== gzip contains multiple vulnerabilities potentially allowing an attacker to execute arbitrary commands. The zgrep utility improperly sanitizes arguments, which may come from an untrusted source (CAN-2005-0758). Impact ====== These vulnerabilities could allow arbitrary command execution, changing the permissions of arbitrary files, and installation of files to an aribitrary location in the filesystem. Workaround ========== There is no known workaround at this time. Resolution ========== All gzip users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6" References ========== [ 1 ] CAN-2005-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758 [ 2 ] CAN-2005-0988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 [ 3 ] CAN-2005-1228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200505-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________ Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.002 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.002 Advisory Published: 2007-01-05 21:58 UTC Issue Id (internal): OpenPKG-SI-20070105.01 Issue First Created: 2007-01-05 Issue Last Modified: 2007-01-05 Issue Revision: 04 ____________________________________________________________________________ Subject Name: bzip2 Subject Summary: Compression Tool Subject Home: http://www.bzip.org/ Subject Versions: * <= 1.0.3 Vulnerability Id: CVE-2005-0953, CVE-2005-0758 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: manipulation of data, arbitrary code execution Description: Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2 [0], versions up to and including 1.0.3. References: [0] http://www.bzip.org/ ____________________________________________________________________________ Primary Package Name: bzip2 Primary Package Home: http://openpkg.org/go/package/bzip2 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID bzip2-1.0.3-E1.0.1 OpenPKG Enterprise E1.0-SOLID openpkg-E1.0.2-E1.0.2 OpenPKG Community 2-STABLE-20061018 bzip2-1.0.4-2.20070105 OpenPKG Community 2-STABLE-20061018 openpkg-2.20070105-2.20070105 OpenPKG Community 2-STABLE bzip2-1.0.4-2.20070105 OpenPKG Community 2-STABLE openpkg-2.20070105-2.20070105 OpenPKG Community CURRENT bzip2-1.0.4-20070105 OpenPKG Community CURRENT openpkg-20070105-20070105 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document. ____________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG GmbH <http://openpkg.com/> iD8DBQFFnrwRZwQuyWG3rjQRAgkdAJ9YBx7auj7ursOTj5M/78Kq3SlGlACfc0aV 2IRFnTk4CCJwa9FPgv1z7c0= =Iq2w -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2005-0758 // JVNDB: JVNDB-2005-000228 // BID: 13582 // VULMON: CVE-2005-0758 // PACKETSTORM: 37396 // PACKETSTORM: 38412 // PACKETSTORM: 53505

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:5.04

Trust: 1.0

vendor:gnumodel:gzipscope:ltversion:1.3.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:4.10

Trust: 1.0

vendor:cybertrustmodel:asianux serverscope:eqversion:2.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:gnumodel:gzipscope: - version: -

Trust: 0.6

vendor:turbolinuxmodel:workstationscope:eqversion:8.0

Trust: 0.3

vendor:turbolinuxmodel:workstationscope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:8.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:desktopscope:eqversion:10.0

Trust: 0.3

vendor:turbolinuxmodel:homescope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:appliance server workgroup editionscope:eqversion:1.0

Trust: 0.3

vendor:turbolinuxmodel:appliance server hosting editionscope:eqversion:1.0

Trust: 0.3

vendor:trustixmodel:secure linuxscope:eqversion:3.0

Trust: 0.3

vendor:trustixmodel:secure linuxscope:eqversion:2.2

Trust: 0.3

vendor:trustixmodel:secure enterprise linuxscope:eqversion:2.0

Trust: 0.3

vendor:sgimodel:propack sp6scope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:propack sp5scope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:propackscope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:advanced linux environmentscope:eqversion:3.0

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:7.1.4

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:6.0

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.7

Trust: 0.3

vendor:redhatmodel:linux i386scope:eqversion:9.0

Trust: 0.3

vendor:redhatmodel:linux i686scope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linux i386scope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:fedora core3scope: - version: -

Trust: 0.3

vendor:redhatmodel:fedora core2scope: - version: -

Trust: 0.3

vendor:redhatmodel:fedora core1scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processor ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processorscope:eqversion:2.1

Trust: 0.3

vendor:openpkgmodel:stablescope: - version: -

Trust: 0.3

vendor:openpkgmodel:e1.0-solidscope: - version: -

Trust: 0.3

vendor:openpkgmodel:currentscope: - version: -

Trust: 0.3

vendor:openpkgmodel:2-stable-20061018scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2006.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2006.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:10.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.2

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:10.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.1

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:2.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:2.1

Trust: 0.3

vendor:gnumodel:zgrep ascope:eqversion:1.2.4

Trust: 0.3

vendor:gnumodel:zgrepscope:eqversion:1.2.4

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.6.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.6.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.6

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5.12

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5.11

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5.10

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5.9

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5.6

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.4

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.0

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.6.3

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.6.2

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.6

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5.12

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5.11

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.4

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.3

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.2

Trust: 0.3

vendor:bzip2model:bzip2scope:eqversion:1.0.2

Trust: 0.3

vendor:bzip2model:bzip2scope:eqversion:1.0.1

Trust: 0.3

vendor:avayamodel:s8710 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8710 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8700 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8700 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:network messagingscope: - version: -

Trust: 0.3

vendor:avayamodel:modular messagingscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:modular messagingscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:intuity lxscope: - version: -

Trust: 0.3

vendor:avayamodel:integrated managementscope:eqversion:2.1

Trust: 0.3

vendor:avayamodel:integrated managementscope: - version: -

Trust: 0.3

vendor:avayamodel:cvlanscope: - version: -

Trust: 0.3

vendor:avayamodel:converged communications serverscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:f5model:big-ipscope:neversion:4.7

Trust: 0.3

vendor:f5model:big-ipscope:neversion:4.5.13

Trust: 0.3

vendor:f5model:3-dnsscope:neversion:4.7

Trust: 0.3

vendor:f5model:3-dnsscope:neversion:4.5.13

Trust: 0.3

sources: BID: 13582 // JVNDB: JVNDB-2005-000228 // CNNVD: CNNVD-200505-1008 // NVD: CVE-2005-0758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0758
value: MEDIUM

Trust: 1.0

NVD: CVE-2005-0758
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200505-1008
value: MEDIUM

Trust: 0.6

VULMON: CVE-2005-0758
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0758
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2005-0758 // JVNDB: JVNDB-2005-000228 // CNNVD: CNNVD-200505-1008 // NVD: CVE-2005-0758

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0758

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200505-1008

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200505-1008

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000228

PATCH

title:AXSA-2005-51:1url:http://www.miraclelinux.com/support/update/list.php?errata_id=87

Trust: 0.8

title:AXSA-2006-27:1url:http://www.miraclelinux.com/support/update/list.php?errata_id=342

Trust: 0.8

title:bzip2url:http://www.miraclelinux.com/support/update/data/bzip2.html

Trust: 0.8

title:gzipurl:http://www.miraclelinux.com/support/update/data/gzip.html

Trust: 0.8

title:AXSA-2005-48:1url:http://www.miraclelinux.com/support/update/list.php?errata_id=86

Trust: 0.8

title:RHSA-2005:357url:https://rhn.redhat.com/errata/RHSA-2005-357.html

Trust: 0.8

title:RHSA-2005:474url:https://rhn.redhat.com/errata/RHSA-2005-474.html

Trust: 0.8

title:101816url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

Trust: 0.8

title:101816url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-3

Trust: 0.8

title:TLSA-2005-59url:http://www.turbolinux.com/security/2005/TLSA-2005-59.txt

Trust: 0.8

title:RHSA-2005:357url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-357J.html

Trust: 0.8

title:RHSA-2005:474url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-474J.html

Trust: 0.8

title:TLSA-2005-59url:http://www.turbolinux.co.jp/security/2005/TLSA-2005-59j.txt

Trust: 0.8

title:Red Hat: bzip2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-2005474 - Security Advisory

Trust: 0.1

title:Red Hat: gzip security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-2005357 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: gzip vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-158-1

Trust: 0.1

title:Ubuntu Security Notice: bzip2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-161-1

Trust: 0.1

title:phonito-scanner-actionurl:https://github.com/phonito/phonito-scanner-action

Trust: 0.1

sources: VULMON: CVE-2005-0758 // JVNDB: JVNDB-2005-000228

EXTERNAL IDS

db:NVDid:CVE-2005-0758

Trust: 3.0

db:BIDid:13582

Trust: 2.8

db:SECTRACKid:1013928

Trust: 1.9

db:OSVDBid:16371

Trust: 1.7

db:BIDid:25159

Trust: 1.7

db:SECUNIAid:26235

Trust: 1.7

db:SECUNIAid:22033

Trust: 1.7

db:SECUNIAid:19183

Trust: 1.7

db:SECUNIAid:18100

Trust: 1.7

db:VUPENid:ADV-2007-2732

Trust: 1.6

db:SECUNIAid:15047

Trust: 0.9

db:BIDid:13290

Trust: 0.8

db:BIDid:12996

Trust: 0.8

db:XFid:20199

Trust: 0.8

db:JVNDBid:JVNDB-2005-000228

Trust: 0.8

db:CNNVDid:CNNVD-200505-1008

Trust: 0.6

db:VUPENid:2007/2732

Trust: 0.1

db:VULMONid:CVE-2005-0758

Trust: 0.1

db:PACKETSTORMid:37396

Trust: 0.1

db:PACKETSTORMid:38412

Trust: 0.1

db:PACKETSTORMid:53505

Trust: 0.1

sources: VULMON: CVE-2005-0758 // BID: 13582 // JVNDB: JVNDB-2005-000228 // PACKETSTORM: 37396 // PACKETSTORM: 38412 // PACKETSTORM: 53505 // CNNVD: CNNVD-200505-1008 // NVD: CVE-2005-0758

REFERENCES

url:http://www.securityfocus.com/bid/13582

Trust: 2.6

url:http://rhn.redhat.com/errata/rhsa-2005-357.html

Trust: 2.0

url:http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml

Trust: 1.7

url:http://bugs.gentoo.org/show_bug.cgi?id=90626

Trust: 1.7

url:http://www.fedoralegacy.org/updates/fc2/2005-11-14-flsa_2005_158801__updated_bzip2_packages_fix_security_issues.html

Trust: 1.7

url:http://secunia.com/advisories/18100

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-158-1

Trust: 1.7

url:http://www.osvdb.org/16371

Trust: 1.7

url:http://securitytracker.com/id?1013928

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2005-474.html

Trust: 1.7

url:http://secunia.com/advisories/19183

Trust: 1.7

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

Trust: 1.7

url:http://secunia.com/advisories/22033

Trust: 1.7

url:http://www.openpkg.com/security/advisories/openpkg-sa-2007.002.html

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=306172

Trust: 1.7

url:http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdksa-2006:026

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdksa-2006:027

Trust: 1.7

url:http://www.securityfocus.com/bid/25159

Trust: 1.7

url:http://secunia.com/advisories/26235

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/2732

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/20539

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9797

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1107

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1081

Trust: 1.7

url:ftp://ftp.sco.com/pub/updates/unixware/scosa-2005.58/scosa-2005.58.txt

Trust: 1.1

url:ftp://patches.sgi.com/support/free/security/advisories/20060301-01.u.asc

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0758

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/20199

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0758

Trust: 0.8

url:http://secunia.com/advisories/15047

Trust: 0.8

url:http://www.securityfocus.com/bid/13290

Trust: 0.8

url:http://www.securityfocus.com/bid/12996

Trust: 0.8

url:http://rhn.redhat.com/errata/rhsa-2005-474.html

Trust: 0.6

url:http://support.avaya.com/elmodocs2/security/asa-2005-172.pdf

Trust: 0.3

url:http://www.securitytracker.com/alerts/2005/may/1013928.html

Trust: 0.3

url:http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-0758

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2005:474

Trust: 0.1

url:https://usn.ubuntu.com/158-1/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4220/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/15047/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0758

Trust: 0.1

url:http://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-1228

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0988

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.0

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-1228

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200505-05.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-0988

Trust: 0.1

url:http://openpkg.com/security/signatures/

Trust: 0.1

url:http://openpkg.com/>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-0953

Trust: 0.1

url:http://openpkg.com/

Trust: 0.1

url:http://openpkg.com/go/openpkg-sa-2007.002

Trust: 0.1

url:http://openpkg.com/go/openpkg-sa

Trust: 0.1

url:http://www.bzip.org/

Trust: 0.1

url:http://openpkg.com/openpkg.com.pgp

Trust: 0.1

url:http://openpkg.org/go/package/bzip2

Trust: 0.1

sources: VULMON: CVE-2005-0758 // BID: 13582 // JVNDB: JVNDB-2005-000228 // PACKETSTORM: 37396 // PACKETSTORM: 38412 // PACKETSTORM: 53505 // CNNVD: CNNVD-200505-1008 // NVD: CVE-2005-0758

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200505-1008

SOURCES

db:VULMONid:CVE-2005-0758
db:BIDid:13582
db:JVNDBid:JVNDB-2005-000228
db:PACKETSTORMid:37396
db:PACKETSTORMid:38412
db:PACKETSTORMid:53505
db:CNNVDid:CNNVD-200505-1008
db:NVDid:CVE-2005-0758

LAST UPDATE DATE

2024-11-12T21:26:29.335000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2005-0758date:2019-10-16T00:00:00
db:BIDid:13582date:2007-08-01T20:25:00
db:JVNDBid:JVNDB-2005-000228date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200505-1008date:2019-10-17T00:00:00
db:NVDid:CVE-2005-0758date:2019-10-16T20:01:12.487

SOURCES RELEASE DATE

db:VULMONid:CVE-2005-0758date:2005-05-13T00:00:00
db:BIDid:13582date:2005-05-10T00:00:00
db:JVNDBid:JVNDB-2005-000228date:2007-04-01T00:00:00
db:PACKETSTORMid:37396date:2005-05-28T06:29:35
db:PACKETSTORMid:38412date:2005-07-02T00:59:07
db:PACKETSTORMid:53505date:2007-01-13T20:35:58
db:CNNVDid:CNNVD-200505-1008date:2005-05-13T00:00:00
db:NVDid:CVE-2005-0758date:2005-05-13T04:00:00