Vulnerability Description
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gzip | <= 1.3.3 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=54890Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200406-18.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/10603PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16506
- http://bugs.gentoo.org/show_bug.cgi?id=54890Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200406-18.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/10603PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16506
FAQ
What is CVE-2004-0603?
CVE-2004-0603 is a vulnerability with a CVSS score of 10.0 (HIGH). gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary c...
How severe is CVE-2004-0603?
CVE-2004-0603 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0603?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gzip.