26 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-41991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user's PATH,...
CVE-2026-41991
A flaw was found in the gzexe utility of GNU gzip. When the mktemp utility is not available, gzexe creates temporary files with predictable names based on the process ID. A local attacker can exploit this by pre-creating a symbolic link to an arbitrary file at the predicted temporary file path...
CVE-2026-41991
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
UBUNTU-CVE-2026-41991
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
CVE-2026-41991
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
CVE-2026-41991
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
CVE-2026-41991 Predictable Temporary File in GNU gzip
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
CVE-2026-41991
CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...
EUVD-2026-40068
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
CVE-2026-41991
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
PT-2026-53255
Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description The gzexe utility handles temporary files insecurely. If the mktemp utility is missing from the user's PATH, gzexe generates a temporary file path using only the process ID PID. Because this...
EUVD-1999-1313
Malware in sbrugna...
EUVD-2004-0602
Malware in sbrugna...
SUSE CVE-2004-0970
The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...
DEBIAN-CVE-2004-0970
The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...
CVE-2004-0603
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...
CVE-2004-0970
CVE-2004-0970 concerns the gzip package: the (1) gzexe, (2) zdiff, and (3) znew scripts are able to overwrite files via a symlink attack on temporary files, enabling local users to modify files. This vulnerability is described as a local-privilege-impact issue (I:P) with a low base score (2.1) an...
GLSA-200406-18 : gzip: Insecure creation of temporary files
The remote host is affected by the vulnerability described in GLSA-200406-18 gzip: Insecure creation of temporary files The script gzexe included with gzip contains a bug in the code that handles tempfile creation. If the creation of a temp file fails when using gzexe fails instead of bailing out...
CVE-2004-0603
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...
CVE-2004-0603
CVE-2004-0603 relates to gzip (gzexe) in versions 1.3.3 and earlier. The vulnerability arises when temporary file creation fails: gzexe will continue execution instead of exiting, potentially allowing remote attackers or local users to run arbitrary commands. The issue is documented in various ad...