CVE-2004-0970

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 9 February 2005

Summary

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/11288

vdb-entryx_refsource_BID

http://www.trustix.org/errata/2004/0050

vendor-advisoryx_refsource_TRUSTIX

Timeline

Vulnerability published
Feb 9, 2005
Vulnerability Reserved
Oct 19, 2004