Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)

low Nessus Plugin ID 14051

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A vulnerability exists in znew, a script included with gzip: it creates temporary files without taking precautions against a symlink attack. Patches have been applied so that the script uses mktemp to generate unique filenames and makes proper use of noclobber. Likewise, a fix previously applied to gzexe was incomplete; gzexe has now been fixed to use mktemp everywhere a temporary file is created.

The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo.
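
The two fixes named in the description (mktemp and noclobber), shown beside the weak pattern they replace. This is an added example, not code from znew, gzexe or the Mandrake patch; the function names, the `demo.$$` file name and the sandbox layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo; all files live in a private sandbox made with mktemp -d.

# Weak pattern: predictable name, and '>' follows an existing symlink.
write_predictable() {            # $1 = directory, $2 = data
    echo "$2" > "$1/demo.$$"
}

# Hardened: noclobber (set -C) makes '>' refuse a path that already exists,
# so a link sitting at the predictable name causes an error instead.
write_noclobber() {
    ( set -C; echo "$2" > "$1/demo.$$" ) 2>/dev/null
}

# Hardened: mktemp creates the file itself under an unpredictable name
# and fails rather than reuse an existing path.
write_mktemp() {
    tmp=$(mktemp "$1/demo.XXXXXX") || return 1
    echo "$2" > "$tmp"
    echo "$tmp"
}

# Runs all three in a directory where the predictable name is already a
# symlink to another file, and reports what happened to that file.
demo() {
    box=$(mktemp -d) || return 1
    link="$box/demo.$$"

    echo original > "$box/victim"; ln -s "$box/victim" "$link"
    write_predictable "$box" scratch
    weak=$(cat "$box/victim")

    echo original > "$box/victim"
    if write_noclobber "$box" scratch; then nc=wrote; else nc=refused; fi
    nc_file=$(cat "$box/victim")

    new=$(write_mktemp "$box" scratch)
    if [ "$new" != "$link" ] && [ ! -L "$new" ]; then mk=fresh; else mk=reused; fi
    mk_file=$(cat "$box/victim")

    rm -rf "$box"
    echo "predictable:$weak noclobber:$nc/$nc_file mktemp:$mk/$mk_file"
}

demo
```

Only the predictable-name write changes the linked file; noclobber refuses the write and mktemp writes to a new file, leaving the linked file untouched in both cases.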

Solution

Update the affected gzip package.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193375

https://marc.info/?l=bugtraq&m=88998519803911&w=2

Plugin Details

Severity: Low

ID: 14051

File Name: mandrake_MDKSA-2003-068.nasl

Version: 1.22

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gzip, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 6/16/2003

Reference Information

CVE: CVE-1999-1332, CVE-2003-0367

MDKSA: 2003:068