CVE-2005-0638

Description

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Affected products

altlinux / alt_linux2.3 – 2.3
altlinux / alt_linux2.3 – 2.3
SUSE / suse_linux9.3 – 9.3
SUSE / suse_linux9.1 – 9.1
SUSE / suse_linux9.1 – 9.1
SUSE / suse_linux9.2 – 9.2
SUSE / suse_linux9.2 – 9.2
SUSE / suse_linux1.0 – 1.0
SUSE / suse_linux2.0 – 2.0
SUSE / suse_linux3.0 – 3.0
SUSE / suse_linux4.0 – 4.0
SUSE / suse_linux4.2 – 4.2
SUSE / suse_linux4.3 – 4.3
SUSE / suse_linux4.4 – 4.4
SUSE / suse_linux4.4.1 – 4.4.1
SUSE / suse_linux5.0 – 5.0
SUSE / suse_linux5.1 – 5.1
SUSE / suse_linux5.2 – 5.2
SUSE / suse_linux5.3 – 5.3
SUSE / suse_linux6.0 – 6.0
SUSE / suse_linux6.1 – 6.1
SUSE / suse_linux6.1 – 6.1
SUSE / suse_linux6.2 – 6.2
SUSE / suse_linux6.3 – 6.3
SUSE / suse_linux6.3 – 6.3
SUSE / suse_linux6.3 – 6.3
SUSE / suse_linux6.4 – 6.4
SUSE / suse_linux6.4 – 6.4
SUSE / suse_linux6.4 – 6.4
SUSE / suse_linux6.4 – 6.4
SUSE / suse_linux7.0 – 7.0
SUSE / suse_linux7.0 – 7.0
SUSE / suse_linux7.0 – 7.0
SUSE / suse_linux7.0 – 7.0
SUSE / suse_linux7.0 – 7.0
SUSE / suse_linux7.1 – 7.1
SUSE / suse_linux7.1 – 7.1
SUSE / suse_linux7.1 – 7.1
SUSE / suse_linux7.1 – 7.1
SUSE / suse_linux7.1 – 7.1
SUSE / suse_linux7.2 – 7.2
SUSE / suse_linux7.2 – 7.2
SUSE / suse_linux7.3 – 7.3
SUSE / suse_linux7.3 – 7.3
SUSE / suse_linux7.3 – 7.3
SUSE / suse_linux7.3 – 7.3
SUSE / suse_linux8.0 – 8.0
SUSE / suse_linux8.0 – 8.0
SUSE / suse_linux8.1 – 8.1
SUSE / suse_linux8.2 – 8.2
SUSE / suse_linux9.0 – 9.0
SUSE / suse_linux9.0 – 9.0
xli / xli1.17 – 1.17
xli / xli1.16 – 1.16
xli / xli1.15 – 1.15
xli / xli1.14 – 1.14

Description

Affected products

References