CVE-2005-0988

10 documents9 sources

Severity

3.7LOW

EPSS

0.1%

top 69.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freebsd Freebsd GNU Gzip Redhat Enterprise Linux +8 more

Timeline

PublishedMay 2

Latest updateMay 3

Description

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages9 packages

▶Debiangzip< 1.3.5-10+3

▶NVDgnu/gzip1.2.4, 1.2.4a, 1.3.3+2

▶NVDtrustix/secure_linux2.0, 2.1, 2.2+2

▶NVDturbolinux/turbolinux_server10.0, 7.0, 8.0+2

▶NVDturbolinux/turbolinux_desktop10.0

Also affects: Freebsd 4.0, 4.1, 4.1.1, 4.10, 4.11, 4.2, 4.3, 4.4, 4.5, 4.6, 4.6.2, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.2.1, 5.3, 5.4, Ubuntu Linux 4.1, 5.04, Enterprise Linux 2.1, 3.0, 4.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pmqf-rc4m-6f55: Race condition in gzip 1↗2022-05-03

▶

OSV

CVE-2005-0988: Race condition in gzip 1↗2005-05-02

▶

CVEList

CVE-2005-0988: Race condition in gzip 1↗2005-04-06

▶

📋Vendor Advisories

Ubuntu

gzip vulnerabilities↗2005-05-04

▶

Red Hat

security flaw↗2005-04-04

▶

Debian

CVE-2005-0988: gzip - Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped f...↗2005

▶

💬Community

Bugzilla

CVE-2005-0988 security flaw↗2018-08-16

▶