Vulnerability Description
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gzip | 1.2.4a |
References
- http://secunia.com/advisories/13131
- http://www.debian.org/security/2004/dsa-588Vendor Advisory
- http://www.securityfocus.com/bid/11288PatchVendor Advisory
- http://www.trustix.org/errata/2004/0050
- http://www.zataz.net/adviso/ncompress-09052005.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- http://secunia.com/advisories/13131
- http://www.debian.org/security/2004/dsa-588Vendor Advisory
- http://www.securityfocus.com/bid/11288PatchVendor Advisory
- http://www.trustix.org/errata/2004/0050
- http://www.zataz.net/adviso/ncompress-09052005.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
FAQ
What is CVE-2004-0970?
CVE-2004-0970 is a vulnerability with a CVSS score of 2.1 (LOW). The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: t...
How severe is CVE-2004-0970?
CVE-2004-0970 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0970?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gzip.