Lucene search

K
ubuntucveUbuntu.comUB:CVE-2004-0970
HistoryFeb 09, 2005 - 12:00 a.m.

CVE-2004-0970

2005-02-0900:00:00
ubuntu.com
ubuntu.com
11

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS

0

Percentile

5.1%

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used
by other packages such as ncompress, allows local users to overwrite files
via a symlink attack on temporary files. NOTE: the znew vulnerability may
overlap CVE-2003-0367.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchcscope< 15.5+cvs20050816-1UNKNOWN
ubuntu6.10noarchcscope< 15.5+cvs20050816-1UNKNOWN
ubuntu7.04noarchcscope< 15.5+cvs20050816-1UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS

0

Percentile

5.1%