[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253928

 
 

909

 
 

198006

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0988Date: (C)2005-05-02   (M)2023-12-22


Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.7
Exploit Score: 1.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-101816
BID-12996
OSVDB-15487
SECUNIA-18100
BID-19289
http://www.securityfocus.com/archive/1/394965
SECUNIA-21253
SECUNIA-22033
ADV-2006-3101
APPLE-SA-2006-08-01
DSA-752
RHSA-2005:357
SCOSA-2005.58
SSA:2006-262
TA06-214A
oval:org.mitre.oval:def:10242
oval:org.mitre.oval:def:1169
oval:org.mitre.oval:def:765

CPE    26
cpe:/a:gnu:gzip:1.2.4
cpe:/o:redhat:enterprise_linux_desktop:4.0
cpe:/a:gnu:gzip:1.3.3
cpe:/o:freebsd:freebsd:4.10
...

© SecPod Technologies