Lucene search

[email protected]CVE-2005-0988

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0988

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0988

gzip

race condition

file permissions

hard link attack

nvd

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.8%

JSON

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Affected configurations

NVD

Node

gnugzipMatch1.2.4

gnugzipMatch1.2.4a

gnugzipMatch1.3.3

Node

freebsdfreebsdMatch4.0

freebsdfreebsdMatch4.0alpha

freebsdfreebsdMatch4.0releng

freebsdfreebsdMatch4.1

freebsdfreebsdMatch4.1.1

freebsdfreebsdMatch4.1.1release

freebsdfreebsdMatch4.1.1stable

freebsdfreebsdMatch4.2

freebsdfreebsdMatch4.2stable

freebsdfreebsdMatch4.3

freebsdfreebsdMatch4.3release

freebsdfreebsdMatch4.3release_p38

freebsdfreebsdMatch4.3releng

freebsdfreebsdMatch4.3stable

freebsdfreebsdMatch4.4

freebsdfreebsdMatch4.4release_p42

freebsdfreebsdMatch4.4releng

freebsdfreebsdMatch4.4stable

freebsdfreebsdMatch4.5

freebsdfreebsdMatch4.5release

freebsdfreebsdMatch4.5release_p32

freebsdfreebsdMatch4.5releng

freebsdfreebsdMatch4.5stable

freebsdfreebsdMatch4.6

freebsdfreebsdMatch4.6release

freebsdfreebsdMatch4.6release_p20

freebsdfreebsdMatch4.6releng

freebsdfreebsdMatch4.6stable

freebsdfreebsdMatch4.6.2

freebsdfreebsdMatch4.7

freebsdfreebsdMatch4.7release

freebsdfreebsdMatch4.7release_p17

freebsdfreebsdMatch4.7releng

freebsdfreebsdMatch4.7stable

freebsdfreebsdMatch4.8

freebsdfreebsdMatch4.8pre-release

freebsdfreebsdMatch4.8release_p6

freebsdfreebsdMatch4.8releng

freebsdfreebsdMatch4.9

freebsdfreebsdMatch4.9pre-release

freebsdfreebsdMatch4.9releng

freebsdfreebsdMatch4.10

freebsdfreebsdMatch4.10release

freebsdfreebsdMatch4.10release_p8

freebsdfreebsdMatch4.10releng

freebsdfreebsdMatch4.11release_p3

freebsdfreebsdMatch4.11releng

freebsdfreebsdMatch4.11stable

freebsdfreebsdMatch5.0

freebsdfreebsdMatch5.0alpha

freebsdfreebsdMatch5.0release_p14

freebsdfreebsdMatch5.0releng

freebsdfreebsdMatch5.1

freebsdfreebsdMatch5.1alpha

freebsdfreebsdMatch5.1release

freebsdfreebsdMatch5.1release_p5

freebsdfreebsdMatch5.1releng

freebsdfreebsdMatch5.2

freebsdfreebsdMatch5.2.1release

freebsdfreebsdMatch5.2.1releng

freebsdfreebsdMatch5.3

freebsdfreebsdMatch5.3release

freebsdfreebsdMatch5.3releng

freebsdfreebsdMatch5.3stable

freebsdfreebsdMatch5.4pre-release

freebsdfreebsdMatch5.4release

freebsdfreebsdMatch5.4releng

gentoolinux

redhatenterprise_linuxMatch2.1advanced_server

redhatenterprise_linuxMatch2.1advanced_server_ia64

redhatenterprise_linuxMatch2.1enterprise_server

redhatenterprise_linuxMatch2.1enterprise_server_ia64

redhatenterprise_linuxMatch2.1workstation

redhatenterprise_linuxMatch2.1workstation_ia64

redhatenterprise_linuxMatch3.0advanced_server

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation_server

redhatenterprise_linuxMatch4.0advanced_server

redhatenterprise_linuxMatch4.0enterprise_server

redhatenterprise_linuxMatch4.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatlinux_advanced_workstationMatch2.1ia64

redhatlinux_advanced_workstationMatch2.1itanium_processor

trustixsecure_linuxMatch2.0

trustixsecure_linuxMatch2.1

trustixsecure_linuxMatch2.2

turbolinuxturbolinux_appliance_serverMatch1.0_hosting

turbolinuxturbolinux_appliance_serverMatch1.0_workgroup

turbolinuxturbolinux_desktopMatch10.0

turbolinuxturbolinux_home

turbolinuxturbolinux_serverMatch7.0

turbolinuxturbolinux_serverMatch8.0

turbolinuxturbolinux_serverMatch10.0

turbolinuxturbolinux_workstationMatch7.0

turbolinuxturbolinux_workstationMatch8.0

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

ubuntuubuntu_linuxMatch5.04amd64

ubuntuubuntu_linuxMatch5.04i386

ubuntuubuntu_linuxMatch5.04powerpc

CPENameOperatorVersion
gnu:gzipgnu gzipeq1.2.4
gnu:gzipgnu gzipeq1.2.4a
gnu:gzipgnu gzipeq1.3.3

CPE	Name	Operator	Version
gnu:gzip	gnu gzip	eq	1.2.4
gnu:gzip	gnu gzip	eq	1.2.4a
gnu:gzip	gnu gzip	eq	1.3.3

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt

lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

rhn.redhat.com/errata/RHSA-2005-357.html

secunia.com/advisories/18100

secunia.com/advisories/21253

secunia.com/advisories/22033

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852

sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1

www.debian.org/security/2005/dsa-752

www.osvdb.org/15487

www.securityfocus.com/archive/1/394965

www.securityfocus.com/bid/12996

www.securityfocus.com/bid/19289

www.us-cert.gov/cas/techalerts/TA06-214A.html

www.vupen.com/english/advisories/2006/3101

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for CVE-2005-0988

openvas12 nvd1 debiancve1 cvelist1 ubuntucve1 nessus9 osv1 freebsd_advisory1 debian2 ubuntu1 freebsd1 gentoo1 centos2 altlinux2 redhat1 f52 slackware1