CVE-2004-0970

medium

Description

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

http://www.zataz.net/adviso/ncompress-09052005.txt

http://www.trustix.org/errata/2004/0050

http://www.securityfocus.com/bid/11288

http://www.debian.org/security/2004/dsa-588

http://secunia.com/advisories/13131

Details

Source: Mitre, NVD

Published: 2005-02-09

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

Detections

Analytics