Directory Traversal Vulnerability in gzip by GNU
CVE-2005-1228

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 2 May 2005

Summary

The directory traversal vulnerability in gzip versions 1.2.4 to 1.3.5 allows remote attackers to craft compressed files that leverage the '..' sequence in the filename. This exploit leads to unauthorized access, enabling attackers to write files to arbitrary directories on the host system. Users are encouraged to upgrade to a patched version of gzip to mitigate the risk associated with this vulnerability.

References

http://lists.apple.com/archives/security-announce/2006//A...

vendor-advisoryx_refsource_APPLE

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255

x_refsource_CONFIRM

http://www.osvdb.org/15721

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 22, 2005