Lucene search
HistoryFeb 09, 2005 - 5:00 a.m.
CVE-2004-0970
cve-2004-0970
gzexe
zdiff
znew
symlink attack
gzip vulnerability
5.8 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
Related
nessus
nessus
Mandrake Linux Security Advisory : gzip (MDKSA-2004:142)
2004-12-07 00:00:00
Debian DSA-588-1 : gzip - insecure temporary files
2004-11-10 00:00:00
Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)
2004-07-31 00:00:00
ubuntucve
ubuntucve
CVE-2004-0970
2005-02-09 00:00:00
CVE-2005-2991
2005-09-20 00:00:00
debiancve
debiancve
openvas
openvas
Debian: Security Advisory (DSA-588-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 588-1 (gzip)
2008-01-17 00:00:00
Debian Security Advisory DSA 308-1 (gzip)
2008-01-17 00:00:00
osv
osv
gzip - insecure temporary files
2004-11-08 00:00:00
gzip - insecure temporary files
2003-06-06 00:00:00
securityvulns
securityvulns
[VulnWatch] ncompress insecure temporary file creation
2005-09-16 00:00:00
debian
debian
[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files
2004-11-08 15:35:12
[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files
2004-11-08 15:35:12
cve
cve
CVE-2005-2991
2005-09-20 20:03:00
CVE-2003-0367
2003-07-02 04:00:00
redhatcve
redhatcve
CVE-2005-2991
2015-10-30 10:31:16
5.8 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for CVE-2004-0970