CVSS: 6.3EPSS: 0%CPEs: 104EXPL: 0CVE-2005-0988
https://notcve.org/view.php?id=CVE-2005-0988
06 Apr 2005 — Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0970
https://notcve.org/view.php?id=CVE-2004-0970
20 Oct 2004 — The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. • http://secunia.com/advisories/13131 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1349
https://notcve.org/view.php?id=CVE-2004-1349
04 Oct 2004 — gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. • http://secunia.com/advisories/12744 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0603
https://notcve.org/view.php?id=CVE-2004-0603
30 Jun 2004 — gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. gzexe en gzip 1.3.3 y anteriores ejecutaran un argumento cuando la creación de un fichero temporal falla, en lugar de terminar el programa, lo que podría permitir a atacantes remotos o usuarios locales ejecutar órdenes de su elección, una vulnerabilidad dif... • http://bugs.gentoo.org/show_bug.cgi?id=54890 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2003-0367
https://notcve.org/view.php?id=CVE-2003-0367
10 Jun 2003 — znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. znew en el paquete gzip permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos en ficheros temporales. • http://www.debian.org/security/2003/dsa-308 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2001-1228
https://notcve.org/view.php?id=CVE-2001-1228
18 Nov 2001 — Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc •