FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82)

Medium Nessus Plugin ID 18960


VPR Score: 5.3

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Problem Description

Two problems related to extraction of files exist in gzip:

The first problem is that gzip does not properly sanitize filenames containing '/' when uncompressing files using the -N command line option.

The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed.

Impact

The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option.

The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished.

Workaround

Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access.
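The two defensive patterns that address the problems described above, as an added example that is not taken from the advisory or from gzip's source: reduce the stored name to its last path component, and set the final mode with fchmod() on the descriptor that is still open. The function names safe_stored_name and write_output, the scratch directory and the sample stored name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reduce a header-stored name to its last path component, so "../../x" or
 * "/etc/x" cannot leave the output directory. NULL if nothing usable remains. */
const char *safe_stored_name(const char *stored)
{
    const char *slash = strrchr(stored, '/');
    const char *base = slash ? slash + 1 : stored;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return NULL;
    return base;
}

/* Hypothetical helper: create the output in dirfd and set its final mode.
 * Returns 0 on success, -1 on a rejected name or any I/O error. */
int write_output(int dirfd, const char *stored, const void *data, size_t len,
                 mode_t mode)
{
    const char *name = safe_stored_name(stored);
    if (name == NULL)
        return -1;
    /* O_EXCL refuses an existing file or symlink; 0600 until the data is in. */
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* fchmod() acts on the inode this process opened. A path-based chmod()
     * after close() would re-resolve the name, which another user with write
     * access to the directory may have swapped for a hard link. */
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

int main(void)
{
    char dir[] = "/tmp/gzdemoXXXXXX";            /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return 1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    int rc = write_output(dirfd, "../../etc/motd", "demo\n", 5, 0640);
    printf("wrote %s/motd rc=%d\n", dir, rc);
    return rc == 0 ? 0 : 1;
}
```

The stored name "../../etc/motd" ends up as "motd" inside the scratch directory, and a second extraction to the same name is refused because of O_EXCL.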

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=111271860708210

https://marc.info/?l=bugtraq&m=111402732406477

http://www.nessus.org/u?0d3bece7

Plugin Details

Severity: Medium

ID: 18960

File Name: freebsd_pkg_63bd4baddffe11d9b8750001020eed82.nasl

Version: 1.18

Type: local

Published: 2005/07/13

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.3

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gzip, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/06/18

Vulnerability Publication Date: 2005/04/20

Reference Information

CVE: CVE-2005-0988, CVE-2005-1228

FreeBSD: SA-05:11.gzip