Vulnerability in Altlinux Alt_linux
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allow attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
EPSS: 0.036 (88.0th percentile)
Affected products
- Altlinux Alt_linux — versions 2.3
- Xli — versions 1.14, 1.15, 1.16
- Suse Suse_linux — versions 1.0, 2.0, 3.0