This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
Several vulnerabilities have been discovered in the gzip package :
Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that
are injected into a sed script. (CVE-2005-0758)
A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing
a gzip file allows local users to modify permissions of arbitrary
files via a hard link attack on a file while it is being decompressed,
whose permissions are changed by gzip after the decompression is
A directory traversal vulnerability via 'gunzip -N' in gzip 1.2.4
through 1.3.5 allows remote attackers to write to arbitrary
directories via a .. (dot dot) in the original filename within a
compressed file. (CVE-2005-1228)
Updated packages are patched to address these issues.
Update the affected gzip package.
Risk factor :
Medium / CVSS Base Score : 5.0