CVSS: 3.7EPSS: 0%CPEs: 104EXPL: 0CVE-2005-0988
https://notcve.org/view.php?id=CVE-2005-0988
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www& •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0970
https://notcve.org/view.php?id=CVE-2004-0970
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. • http://secunia.com/advisories/13131 http://www.debian.org/security/2004/dsa-588 http://www.securityfocus.com/bid/11288 http://www.trustix.org/errata/2004/0050 http://www.zataz.net/adviso/ncompress-09052005.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1349
https://notcve.org/view.php?id=CVE-2004-1349
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. • http://secunia.com/advisories/12744 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security http://www.kb.cert.org/vuls/id/635998 http://www.securityfocus.com/bid/11318 https://exchange.xforce.ibmcloud.com/vulnerabilities/17577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0603
https://notcve.org/view.php?id=CVE-2004-0603
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. gzexe en gzip 1.3.3 y anteriores ejecutaran un argumento cuando la creación de un fichero temporal falla, en lugar de terminar el programa, lo que podría permitir a atacantes remotos o usuarios locales ejecutar órdenes de su elección, una vulnerabilidad diferente de CVE-1999-1332. • http://bugs.gentoo.org/show_bug.cgi?id=54890 http://security.gentoo.org/glsa/glsa-200406-18.xml http://www.securityfocus.com/bid/10603 https://exchange.xforce.ibmcloud.com/vulnerabilities/16506 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2003-0367
https://notcve.org/view.php?id=CVE-2003-0367
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. znew en el paquete gzip permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos en ficheros temporales. • http://www.debian.org/security/2003/dsa-308 http://www.mandriva.com/security/advisories?name=MDKSA-2003:068 http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html http://www.securityfocus.com/bid/7872 http://www.turbolinux.com/security/TLSA-2003-38.txt • CWE-20: Improper Input Validation •