Mandrake Linux Security Advisory : gzip (MDKSA-2005:092)
Medium Nessus Plugin ID 18308
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionSeveral vulnerabilities have been discovered in the gzip package :
Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CVE-2005-0758)
A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. (CVE-2005-0988)
A directory traversal vulnerability via 'gunzip -N' in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (CVE-2005-1228)
Updated packages are patched to address these issues.
SolutionUpdate the affected gzip package.