Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0970

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0970
Last Modified 05 Sep 2008 04:39:57
Published 09 Feb 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0970

Summary

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

Vulnerable Systems

Application

  • Gnu Gzip 1.2.4a


References

BID - 11288

XF - script-temporary-file-overwrite(17583)

TRUSTIX - 2004-0050

DEBIAN - DSA-588

MISC - http://www.zataz.net/adviso/ncompress-09052005.txt

SECUNIA - 13131


Last Updated: 27 May 2016 10:38:50