File Overwrite Vulnerability in Gzip Package by TurboLinux
CVE-2003-0367

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 2 July 2003

Summary

The Gzip package has a vulnerability that allows local users to conduct symlink attacks on temporary files, potentially enabling them to overwrite arbitrary files. This flaw can be exploited through improperly secured temporary file handling, increasing the risk of unauthorized data manipulation. Users are advised to update to the latest version of Gzip to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/7872

vdb-entryx_refsource_BID

http://www.turbolinux.com/security/TLSA-2003-38.txt

vendor-advisoryx_refsource_TURBO

http://www.debian.org/security/2003/dsa-308

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Jul 2, 2003
Vulnerability Reserved
Jun 1, 2003