Command Execution Vulnerability in Gzip by GNU
CVE-2004-0603

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
6 December 2004

Summary

The Gzip utility, specifically the gzexe component, in versions 1.3.3 and earlier is affected by a flaw where it improperly handles the creation of temporary files. When this process fails, gzexe does not terminate as expected, instead, it executes the provided arguments. This behavior creates a pathway for both remote attackers and local users to execute arbitrary commands on the underlying system, posing a significant security risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.