Family: Ubuntu Local Security Checks --> Category: infos
USN158-1 : gzip vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The remote package "gzip" is missing a security patch.
zgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user rights if zgrep is run in an
untrusted directory with specially crafted file names.
Upgrade to :
- gzip-1.3.5-9ubuntu3.4 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.