Page 2 of 11 results (0.015 seconds)

CVSS: 3.7EPSS: 0%CPEs: 104EXPL: 0

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www& •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. • http://secunia.com/advisories/13131 http://www.debian.org/security/2004/dsa-588 http://www.securityfocus.com/bid/11288 http://www.trustix.org/errata/2004/0050 http://www.zataz.net/adviso/ncompress-09052005.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. • http://secunia.com/advisories/12744 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security http://www.kb.cert.org/vuls/id/635998 http://www.securityfocus.com/bid/11318 https://exchange.xforce.ibmcloud.com/vulnerabilities/17577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654 • CWE-269: Improper Privilege Management •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. gzexe en gzip 1.3.3 y anteriores ejecutaran un argumento cuando la creación de un fichero temporal falla, en lugar de terminar el programa, lo que podría permitir a atacantes remotos o usuarios locales ejecutar órdenes de su elección, una vulnerabilidad diferente de CVE-1999-1332. • http://bugs.gentoo.org/show_bug.cgi?id=54890 http://security.gentoo.org/glsa/glsa-200406-18.xml http://www.securityfocus.com/bid/10603 https://exchange.xforce.ibmcloud.com/vulnerabilities/16506 •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. znew en el paquete gzip permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos en ficheros temporales. • http://www.debian.org/security/2003/dsa-308 http://www.mandriva.com/security/advisories?name=MDKSA-2003:068 http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html http://www.securityfocus.com/bid/7872 http://www.turbolinux.com/security/TLSA-2003-38.txt • CWE-20: Improper Input Validation •