Lucene search

[email protected]CVE-2004-1349

HistoryOct 04, 2004 - 4:00 a.m.

CVE-2004-1349

2004-10-0404:00:00

CWE-269

[email protected]

web.nvd.nist.gov

cve

2004

1349

gzip

solaris 8

permissions

hard linked files

nvd

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

39.1%

JSON

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

CPENameOperatorVersion
oracle:solarisoracle solariseq8
gnu:gzipgnu gziplt1.3

CPE	Name	Operator	Version
oracle:solaris	oracle solaris	eq	8
gnu:gzip	gnu gzip	lt	1.3

References

secunia.com/advisories/12744

sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security

www.kb.cert.org/vuls/id/635998

www.securityfocus.com/bid/11318

exchange.xforce.ibmcloud.com/vulnerabilities/17577

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVE-2004-1349

debiancve1