CVE-2003-0367

CWE-20 — Improper Input Validation CWE-3779 documents7 sources

Severity

2.1LOW

EPSS

0.1%

top 65.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gzip Debian Debian Linux

Timeline

PublishedJul 2

Latest updateApr 29

Description

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiangzip< 1.3.5-6+3

▶NVDgnu/gzip1.3.5

Also affects: Debian Linux 2.2, 3.0

Patches

Patch: www.debian.org ↗Patch: www.openpkg.org ↗Patch: www.turbolinux.com ↗

🔴Vulnerability Details

GHSA

GHSA-vj5m-w4ph-5wwj: znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files↗2022-04-29

▶

OSV

CVE-2003-0367: znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files↗2003-07-02

▶

CVEList

CVE-2003-0367: znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files↗2003-06-10

▶

📋Vendor Advisories

Red Hat

gzip: symlink attack on temporary files leads to arbitrary file overwrite↗2003-07-02

▶

Debian

CVE-2003-0367: gzip - znew in the gzip package allows local users to overwrite arbitrary files via a s...↗2003

▶

💬Community

Bugzilla

CVE-2003-0367 gzip: symlink attack on temporary files leads to arbitrary file overwrite [fedora-all]↗2020-06-25

▶

Bugzilla

CVE-2003-0367 gzip: symlink attack on temporary files leads to arbitrary file overwrite↗2020-06-25

▶

Bugzilla

CAN-2003-0367 tmpfile symlink race in znew↗2003-06-13

▶