gzip Race Condition Arbitrary File Permission Modification

2005-04-04T01:18:21
ID OSVDB:15487
Type osvdb
Reporter Imran Ghory(imranghory@gmail.com)
Modified 2005-04-04T01:18:21

Description

Vulnerability Description

gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker has write access to a directory in which a targeted user is using gzip to decompress a file, and will gain the ability to modify the permissions on any file owned by the targeted user. This flaw may lead to a loss of integrity.

Solution Description

See vendor-specific advisory for fix information.

Short Description

gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker has write access to a directory in which a targeted user is using gzip to decompress a file, and will gain the ability to modify the permissions on any file owned by the targeted user. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.gzip.org Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:15655 Secunia Advisory ID:15937 Secunia Advisory ID:15308 Secunia Advisory ID:15424 Secunia Advisory ID:17645 Secunia Advisory ID:18100 Secunia Advisory ID:16030 Secunia Advisory ID:16643 Secunia Advisory ID:21253 Secunia Advisory ID:16152 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200505-05.xml Other Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:092 Other Advisory URL: http://www.debian.org/security/2005/dsa-752 Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000974 Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0188.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0189.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0055.html Keyword: SCOSA-2005.49 CVE-2005-0988 Bugtraq ID: 12996