CVE-2005-0988

LOW

Description

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

http://rhn.redhat.com/errata/RHSA-2005-357.html

http://secunia.com/advisories/18100

http://secunia.com/advisories/21253

http://secunia.com/advisories/22033

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

http://www.debian.org/security/2005/dsa-752

http://www.osvdb.org/15487

http://www.securityfocus.com/archive/1/394965

http://www.securityfocus.com/bid/12996

http://www.securityfocus.com/bid/19289

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

http://www.vupen.com/english/advisories/2006/3101

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765

Details

Source: MITRE

Published: 2005-05-02

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 3.7

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 1.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.10:release_p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.11:release_p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.11:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:4.11:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.3:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.3:releng:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.3:stable:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.4:pre-release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.4:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.4:releng:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 22421 | Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01) | Nessus | Slackware Local Security Checks | high |
| 22125 | Mac OS X Multiple Vulnerabilities (Security Update 2006-004) | Nessus | MacOS X Local Security Checks | critical |
| 21810 | CentOS 3 / 4 : gzip (CESA-2005:357) | Nessus | CentOS Local Security Checks | medium |
| 20504 | Ubuntu 4.10 / 5.04 : gzip vulnerabilities (USN-116-1) | Nessus | Ubuntu Local Security Checks | medium |
| 18960 | FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82) | Nessus | FreeBSD Local Security Checks | medium |
| 18673 | Debian DSA-752-1 : gzip - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 18469 | RHEL 2.1 / 3 / 4 : gzip (RHSA-2005:357) | Nessus | Red Hat Local Security Checks | medium |
| 18308 | Mandrake Linux Security Advisory : gzip (MDKSA-2005:092) | Nessus | Mandriva Local Security Checks | medium |
| 18231 | GLSA-200505-05 : gzip: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |