CVE-2005-1228

MEDIUM

Description

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

http://marc.info/?l=bugtraq&m=111402732406477&w=2

http://rhn.redhat.com/errata/RHSA-2005-357.html

http://secunia.com/advisories/15047

http://secunia.com/advisories/18100

http://secunia.com/advisories/21253

http://secunia.com/advisories/22033

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

http://www.debian.org/security/2005/dsa-752

http://www.osvdb.org/15721

http://www.securityfocus.com/bid/19289

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

http://www.vupen.com/english/advisories/2006/3101

https://exchange.xforce.ibmcloud.com/vulnerabilities/20199

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382

Details

Source: MITRE

Published: 2005-05-02

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 22421 | Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01) | Nessus | Slackware Local Security Checks | high |
| 22125 | Mac OS X Multiple Vulnerabilities (Security Update 2006-004) | Nessus | MacOS X Local Security Checks | critical |
| 21810 | CentOS 3 / 4 : gzip (CESA-2005:357) | Nessus | CentOS Local Security Checks | medium |
| 20504 | Ubuntu 4.10 / 5.04 : gzip vulnerabilities (USN-116-1) | Nessus | Ubuntu Local Security Checks | medium |
| 18960 | FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82) | Nessus | FreeBSD Local Security Checks | medium |
| 18673 | Debian DSA-752-1 : gzip - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 18469 | RHEL 2.1 / 3 / 4 : gzip (RHSA-2005:357) | Nessus | Red Hat Local Security Checks | medium |
| 18308 | Mandrake Linux Security Advisory : gzip (MDKSA-2005:092) | Nessus | Mandriva Local Security Checks | medium |
| 18231 | GLSA-200505-05 : gzip: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |