Privilege escalation in Gnu Gzip

CVE-2004-1349

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

Vulnerability class: Privilege Escalation

EPSS: 0.006 (43.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Gzip
Oracle Solaris — versions 8
N/a — versions n/a

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Broken Link, Vendor Advisory)
cve@mitre.org (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)
cve@mitre.org (Not Applicable, x_refsource_OVAL, signature, vdb-entry)
cve@mitre.org (Patch, VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID, Vendor Advisory)
cve@mitre.org (Patch, x_refsource_SECUNIA, Not Applicable, Vendor Advisory, third-party-advisory)