Mandrake Linux Security Advisory : gzip (MDKSA-2004:142)

Low Nessus Plugin ID 15915


The remote Mandrake Linux host is missing a security update.


The Trustix developers found insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack.

A similar problem in znew was fixed last year (CVE-2003-0367). At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script.


Update the affected gzip package.

Plugin Details

Severity: Low

ID: 15915

File Name: mandrake_MDKSA-2004-142.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/12/07

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gzip, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/12/06

Reference Information

CVE: CVE-2004-0970

MDKSA: 2004:142