CVE-2005-0638
NONE EPSS 88.1%
Published Mar 2, 2005 (21y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
xloadimage before 4.1-r2 and xli before 1.17 allow attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Threat Intelligence
EPSS Exploit Probability
88.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 56
| Vendor | Product | Version | Range |
|---|---|---|---|
| xli | xli | 1.14 | any |
| xli | xli | 1.15 | any |
| xli | xli | 1.16 | any |
| xli | xli | 1.17 | any |
| altlinux | alt_linux | 2.3 | any |
| altlinux | alt_linux | 2.3 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 2.0 | any |
| suse | suse_linux | 3.0 | any |
| suse | suse_linux | 4.0 | any |
| suse | suse_linux | 4.2 | any |
| suse | suse_linux | 4.3 | any |
| suse | suse_linux | 4.4 | any |
| suse | suse_linux | 4.4.1 | any |
| suse | suse_linux | 5.0 | any |
| suse | suse_linux | 5.1 | any |
| suse | suse_linux | 5.2 | any |
| suse | suse_linux | 5.3 | any |
| suse | suse_linux | 6.0 | any |
| suse | suse_linux | 6.1 | any |
| suse | suse_linux | 6.1 | any |
| suse | suse_linux | 6.2 | any |
| suse | suse_linux | 6.3 | any |
| suse | suse_linux | 6.3 | any |
| suse | suse_linux | 6.3 | any |
| suse | suse_linux | 6.4 | any |
| suse | suse_linux | 6.4 | any |
| suse | suse_linux | 6.4 | any |
| suse | suse_linux | 6.4 | any |
| suse | suse_linux | 7.0 | any |
| suse | suse_linux | 7.0 | any |
| suse | suse_linux | 7.0 | any |
| suse | suse_linux | 7.0 | any |
| suse | suse_linux | 7.0 | any |
| suse | suse_linux | 7.1 | any |
| suse | suse_linux | 7.1 | any |
| suse | suse_linux | 7.1 | any |
| suse | suse_linux | 7.1 | any |
| suse | suse_linux | 7.1 | any |
| suse | suse_linux | 7.2 | any |
| suse | suse_linux | 7.2 | any |
| suse | suse_linux | 7.3 | any |
| suse | suse_linux | 7.3 | any |
| suse | suse_linux | 7.3 | any |
| suse | suse_linux | 7.3 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.3 | any |
References 11
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=79762
- secunia.com http://secunia.com/advisories/14459
- secunia.com http://secunia.com/advisories/14462
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200503-05.xml
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
- debian.org http://www.debian.org/security/2005/dsa-695
- osvdb.org http://www.osvdb.org/14365
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-332.html
- securityfocus.com http://www.securityfocus.com/archive/1/433935/30/5010/threaded
- securityfocus.com http://www.securityfocus.com/bid/12712
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
Remediation
- secunia.com http://secunia.com/advisories/14459