Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-752-1
HistoryJul 11, 2005 - 12:00 a.m.

gzip - several

2005-07-1100:00:00
Google
osv.dev
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

79.7%

JSON

Two problems have been discovered in gzip, the GNU compression
utility. The Common Vulnerabilities and Exposures project identifies
the following problems.

  • CAN-2005-0988
    Imran Ghory discovered a race condition in the permissions setting
    code in gzip. When decompressing a file in a directory an
    attacker has access to, gunzip could be tricked to set the file
    permissions to a different file the user has permissions to.

  • CAN-2005-1228
    Ulf HΔ‚Β€rnhammar discovered a path traversal vulnerability in
    gunzip. When gunzip is used with the -N option an attacker could
    use
    this vulnerability to create files in an arbitrary directory with
    the permissions of the user.

For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.

For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.

We recommend that you upgrade your gzip package.

CPENameOperatorVersion
gzipeq1.3.2-3woody3
gzipeq1.3.2-3woody4

Related

debian 2
nessus 9
openvas 12
freebsd_advisory 1
freebsd 1
ubuntu 1
gentoo 1
centos 2
altlinux 2
redhat 1
f5 2
ubuntucve 2
debiancve 2
cve 2
slackware 1
debian
debian
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
2005-07-11 16:22:23
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
2005-07-11 16:22:23
nessus
nessus
Ubuntu 4.10 / 5.04 : gzip vulnerabilities (USN-116-1)
2006-01-15 00:00:00
FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82)
2005-07-13 00:00:00
Debian DSA-752-1 : gzip - several vulnerabilities
2005-07-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-752-1)
2008-01-17 00:00:00
FreeBSD Ports: gzip
2008-09-04 00:00:00
Debian Security Advisory DSA 752-1 (gzip)
2008-01-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:11.gzip
2005-06-09 00:00:00
freebsd
freebsd
gzip -- directory traversal and permission race vulnerabilities
2005-04-20 00:00:00
ubuntu
ubuntu
gzip vulnerabilities
2005-05-04 00:00:00
gentoo
gentoo
gzip: Multiple vulnerabilities
2005-05-09 00:00:00
centos
centos
gzip security update
2005-06-13 22:49:43
gzip security update
2005-06-13 15:16:31
altlinux
altlinux
Security fix for the ALT Linux 9 package gzip version 1.3.5-alt1
2005-05-19 00:00:00
Security fix for the ALT Linux 5 package gzip version 1.3.5-alt1
2005-05-19 00:00:00
redhat
redhat
(RHSA-2005:357) gzip security update
2005-06-13 00:00:00
f5
f5
SOL4532 - gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
2005-07-18 00:00:00
gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
2005-07-19 04:00:00
ubuntucve
ubuntucve
CVE-2005-1228
2005-05-02 00:00:00
CVE-2005-0988
2005-05-02 00:00:00
debiancve
debiancve
CVE-2005-1228
2005-05-02 04:00:00
CVE-2005-0988
2005-05-02 04:00:00
cve
cve
CVE-2005-1228
2005-05-02 04:00:00
CVE-2005-0988
2005-05-02 04:00:00
slackware
slackware
[slackware-security] gzip
2006-09-19 21:15:29

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

79.7%

JSON
Related for OSV:DSA-752-1
debian2nessus9openvas12freebsd_advisory1freebsd1ubuntu1gentoo1centos2altlinux2redhat1f52ubuntucve2debiancve2cve2slackware1