Mandrake Linux Security Advisory : gzip (MDKSA-2004:142)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

The Trustix developers found some insecure temporary file creation
problems in the zdiff, znew, and gzeze supplemental scripts in the
gzip package. These flaws could allow local users to overwrite files
via a symlink attack.

A similar problem was fixed last year (CVE-2003-0367) in which this
same problem was found in znew. At that time, Mandrakesoft also used
mktemp to correct the problems in gzexe. This update uses mktemp to
handle temporary files in the zdiff script.

Solution :

Update the affected gzip package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15915 (mandrake_MDKSA-2004-142.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0970

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now