EUVD-1999-1313

Malware in sbrugna...

EUVD-2004-0602

Malware in sbrugna...

SUSE CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

DEBIAN-CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...

CVE-2004-0970

CVE-2004-0970 concerns the gzip package: the (1) gzexe, (2) zdiff, and (3) znew scripts are able to overwrite files via a symlink attack on temporary files, enabling local users to modify files. This vulnerability is described as a local-privilege-impact issue (I:P) with a low base score (2.1) an...

GLSA-200406-18 : gzip: Insecure creation of temporary files

The remote host is affected by the vulnerability described in GLSA-200406-18 gzip: Insecure creation of temporary files The script gzexe included with gzip contains a bug in the code that handles tempfile creation. If the creation of a temp file fails when using gzexe fails instead of bailing out...

CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...

CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...

CVE-2004-0603

CVE-2004-0603 relates to gzip (gzexe) in versions 1.3.3 and earlier. The vulnerability arises when temporary file creation fails: gzexe will continue execution instead of exiting, potentially allowing remote attackers or local users to run arbitrary commands. The issue is documented in various ad...

gzip: Insecure creation of temporary files

Background gzip GNU zip is popular compression program. The included gzexe utility allows you to compress executables in place and have them automatically uncompress and execute when you run them. Description The script gzexe included with gzip contains a bug in the code that handles tempfile...

DEBIAN-CVE-1999-1332

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file...

CVE-1999-1332

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file...

[SECURITY] New versions of gzip available

We were told by Michal Zalewski that gzexe as shipped with gzip uses an unsecure method decompressing executables on the fly opening a way of calling arbitrary programs. Newer versions for bo and hamm are fixing this. We recommend you upgrade your gzip package if youre using the gzexe method. dpk...

[SECURITY] New versions of gzip available

We were told by Michal Zalewski that gzexe as shipped with gzip uses an unsecure method decompressing executables on the fly opening a way of calling arbitrary programs. Newer versions for bo and hamm are fixing this. We recommend you upgrade your gzip package if youre using the gzexe method. dpk...