Race Condition in gzip Product by Multiple Vendors
CVE-2005-0988

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 2 May 2005

Summary

A race condition vulnerability in the gzip compression utility allows local users to exploit a timing issue when decompressing gzipped files. By performing a hard link attack on a file during the decompression process, an attacker can modify the file permissions of arbitrary files once gzip completes its operation. This can lead to unauthorized access or control over sensitive files, as the permissions may be altered by the gzip tool post-decompression.

References

http://lists.apple.com/archives/security-announce/2006//A...

vendor-advisoryx_refsource_APPLE

http://secunia.com/advisories/22033

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3101

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 6, 2005