Executive Summary
| Summary | |
|---|---|
| Title | New gzip packages fix insecure temporary files |
| Informations | |||
|---|---|---|---|
| Name | DSA-588 | First vendor Publication | 2004-11-08 |
| Vendor | Debian | Last vendor Modification | 2004-11-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack. For the stable distribution (woody) these problems have been fixed in version 1.3.2-3woody3. The unstable distribution (sid) is not affected by these problems. We recommend that you upgrade your gzip package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-588 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 588-1 (gzip) File : nvt/deb_588_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 11544 | gzip znew Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the znew scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
| 11543 | gzip zdiff Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the zdiff scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
| 11536 | gzip gzexe Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the gzexe scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-12-07 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-142.nasl - Type : ACT_GATHER_INFO |
| 2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-588.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:35 |
|
