CVE-2004-1349 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2004-1349?

CVE-2004-1349 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-1349?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gzip, Oracle Solaris.

Vulnerability Description

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnu	Gzip	< 1.3
Oracle	Solaris	8

Related Weaknesses (CWE)

CWE-269

References

http://secunia.com/advisories/12744Not ApplicablePatchVendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=seBroken LinkPatchVendor Advisory
http://www.kb.cert.org/vuls/id/635998Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/11318Broken LinkPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17577Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Not Applicable
http://secunia.com/advisories/12744Not ApplicablePatchVendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=seBroken LinkPatchVendor Advisory
http://www.kb.cert.org/vuls/id/635998Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/11318Broken LinkPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17577Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Not Applicable

FAQ

What is CVE-2004-1349?

CVE-2004-1349 is a vulnerability with a CVSS score of 2.1 (LOW). gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these f...

How severe is CVE-2004-1349?

CVE-2004-1349 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1349?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gzip, Oracle Solaris.