Command Execution Vulnerability in Gzip by GNU
CVE-2004-0603
Currently unrated
Summary
The Gzip utility, specifically the gzexe component, in versions 1.3.3 and earlier is affected by a flaw where it improperly handles the creation of temporary files. When this process fails, gzexe does not terminate as expected, instead, it executes the provided arguments. This behavior creates a pathway for both remote attackers and local users to execute arbitrary commands on the underlying system, posing a significant security risk.
References
Timeline
Vulnerability published
Vulnerability Reserved