Vulnerability in Gnu Gzip
CVE-2004-0970
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2…
EPSS: 0.004 (28.2th percentile) — read the EPSS interpretation.
Affected products
- Gnu Gzip — versions 1.2.4a
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (vendor-advisory, x_refsource_TRUSTIX)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)