Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-116-1
HistoryMay 04, 2005 - 12:00 a.m.

gzip vulnerabilities

2005-05-0400:00:00
ubuntu.com
33

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Releases

  • Ubuntu 5.04
  • Ubuntu 4.10

Details

Imran Ghory discovered a race condition in the file permission restore
code of gzip and gunzip. While a user was compressing or decompressing
a file, a local attacker with write permissions in the directory of
that file could replace the target file with a hard link. This would
cause gzip to restore the file permissions to the hard link target
instead of to the gzip output file, which could be exploited to gain
read or even write access to files of other users. (CAN-2005-0988)

Ulf Harnhammar found a path traversal vulnerability when gunzip was
used with the -N option. An attacker could exploit this to create
files in an arbitrary directory with the permissions of a user if he
tricked this user to decompress a specially crafted gzip file using
the -N option (which can also happen in systems that automatically
process uploaded gzip files). (CAN-2005-1228)

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchgzip< *UNKNOWN
Ubuntu4.10noarchgzip< *UNKNOWN

Related

nessus 9
openvas 12
freebsd 1
debian 2
osv 1
freebsd_advisory 1
altlinux 2
redhat 1
gentoo 1
centos 2
f5 2
ubuntucve 2
cve 2
debiancve 2
slackware 1
nessus
nessus
FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82)
2005-07-13 00:00:00
Ubuntu 4.10 / 5.04 : gzip vulnerabilities (USN-116-1)
2006-01-15 00:00:00
Debian DSA-752-1 : gzip - several vulnerabilities
2005-07-12 00:00:00
openvas
openvas
FreeBSD Ports: gzip
2008-09-04 00:00:00
Debian: Security Advisory (DSA-752-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 752-1 (gzip)
2008-01-17 00:00:00
freebsd
freebsd
gzip -- directory traversal and permission race vulnerabilities
2005-04-20 00:00:00
debian
debian
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
2005-07-11 16:22:23
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
2005-07-11 16:22:23
osv
osv
gzip - several
2005-07-11 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:11.gzip
2005-06-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package gzip version 1.3.5-alt1
2005-05-19 00:00:00
Security fix for the ALT Linux 5 package gzip version 1.3.5-alt1
2005-05-19 00:00:00
redhat
redhat
(RHSA-2005:357) gzip security update
2005-06-13 00:00:00
gentoo
gentoo
gzip: Multiple vulnerabilities
2005-05-09 00:00:00
centos
centos
gzip security update
2005-06-13 22:49:43
gzip security update
2005-06-13 15:16:31
f5
f5
SOL4532 - gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
2005-07-18 00:00:00
gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
2005-07-19 04:00:00
ubuntucve
ubuntucve
CVE-2005-1228
2005-05-02 00:00:00
CVE-2005-0988
2005-05-02 00:00:00
cve
cve
CVE-2005-1228
2005-05-02 04:00:00
CVE-2005-0988
2005-05-02 04:00:00
debiancve
debiancve
CVE-2005-1228
2005-05-02 04:00:00
CVE-2005-0988
2005-05-02 04:00:00
slackware
slackware
[slackware-security] gzip
2006-09-19 21:15:29

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON
Related for USN-116-1
nessus9openvas12freebsd1debian2osv1freebsd_advisory1altlinux2redhat1gentoo1centos2f52ubuntucve2cve2debiancve2slackware1