Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0970 | First vendor Publication | 2005-02-09 |
Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0970 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 588-1 (gzip) File : nvt/deb_588_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
11544 | gzip znew Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the znew scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
11543 | gzip zdiff Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the zdiff scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
11536 | gzip gzexe Symlink Arbitrary File Overwrite gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the gzexe scripts insecure creation of temporary files and can be exploited via symlink attacks to create or overwrite arbitrary files on the system with the privileges of the user executing a vulnerable script. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-12-07 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-142.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-588.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:26 |
|
2021-04-22 01:02:35 |
|
2020-05-23 00:15:55 |
|
2017-07-11 12:01:32 |
|
2016-04-26 12:54:39 |
|
2014-02-17 10:28:13 |
|
2013-05-11 11:43:33 |
|