CVE-2015-4035: Input Validation
It was found that xzgrep did not correctly process file names containing a semicolon. A local attacker able to trick a user into running xzgrep on a specially crafted file could use this flaw to execute arbitrary code as the user running xzgrep.
$ touch /tmp/semi\;colon
$ xzgrep anystring /tmp/semi\;colon
xz: /tmp/semi: No such file or directory
/usr/bin/xzgrep: line 199: colon: command not found
Additional details:
http://seclists.org/oss-sec/2015/q2/484
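The session above shows the text after the semicolon being run as a command, which is what happens when a file name is pasted into text that the shell parses a second time. The following is an added example, not code from xzgrep or from the original page, that contrasts that pattern with two safe forms. The function names, the harmless colon marker function and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed illustration of the bug class; this is not xzgrep's source.

# Harmless marker: runs only if the text after ';' is executed as a command.
colon() { : > "$MARK"; }

# Prints yes if the marker ran since the last check, then resets it.
check() {
    if [ -e "$MARK" ]; then rm -f "$MARK"; echo yes; else echo no; fi
}

# UNSAFE: the file name is pasted into a string that the shell parses again,
# so ';' ends the grep command and the rest of the name becomes a new command.
grep_unsafe() {
    eval "grep -c -e $1 $2" >/dev/null 2>&1
}

# SAFE: no second parse; the name is one argument whatever bytes it contains.
grep_safe() {
    grep -c -e "$1" -- "$2"
}

# If a command string must be built for eval, single-quote each untrusted
# word, rewriting every embedded ' as '\''.
sh_quote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}
grep_eval_quoted() {
    eval "grep -c -e $(sh_quote "$1") -- $(sh_quote "$2")"
}

# Run all three against a constructed file whose name contains ';'.
demo() {
    dir=$(mktemp -d) || return 1
    MARK="$dir/marker"
    f="$dir/semi;colon"
    printf 'anystring\n' > "$f"

    grep_unsafe anystring "$f" || :
    unsafe=$(check)
    safe_n=$(grep_safe anystring "$f"); safe=$(check)
    quoted_n=$(grep_eval_quoted anystring "$f"); quoted=$(check)

    rm -rf "$dir"
    echo "unsafe=$unsafe safe=$safe/$safe_n quoted=$quoted/$quoted_n"
}

demo
```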
Other sources
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
— MITRE
Frequently Asked Questions
What is the severity of CVE-2015-4035?
The CVE-2015-4035 vulnerability is considered to have a high severity due to its potential for arbitrary code execution.
How do I fix CVE-2015-4035?
To fix CVE-2015-4035, update to xz package version 5.0.0 or higher for Red Hat systems.
Who is affected by CVE-2015-4035?
Users running xzgrep on versions of the xz package up to 5.2.0 are affected by CVE-2015-4035.
Can CVE-2015-4035 be exploited remotely?
CVE-2015-4035 requires local access, as a user must be tricked into running the affected command on a specially crafted file.
What systems are vulnerable to CVE-2015-4035?
CVE-2015-4035 affects various versions of the xz package below version 5.0.0, particularly on Red Hat Enterprise Linux systems.