Command Execution Vulnerability in Gzip by GNU
CVE-2004-0603

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 6 December 2004

Summary

The Gzip utility, specifically the gzexe component, in versions 1.3.3 and earlier is affected by a flaw where it improperly handles the creation of temporary files. When this process fails, gzexe does not terminate as expected, instead, it executes the provided arguments. This behavior creates a pathway for both remote attackers and local users to execute arbitrary commands on the underlying system, posing a significant security risk.

References

http://bugs.gentoo.org/show_bug.cgi?id=54890

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/16506

vdb-entryx_refsource_XF

http://security.gentoo.org/glsa/glsa-200406-18.xml

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Dec 6, 2004
Vulnerability Reserved
Jun 29, 2004