FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0988

This CVE name corresponds to:

Entered     Topic
2005-06-18  gzip -- directory traversal and permission race vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2005-0988
Phase  Assigned (20050406)

Description

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

References

Source     Reference
BUGTRAQ    20050404 gzip TOCTOU file-permissions vulnerability
APPLE      APPLE-SA-2006-08-01
DEBIAN     DSA-752
REDHAT     RHSA-2005:357
SCO        SCOSA-2005.58
SLACKWARE  SSA:2006-262
SUNALERT   101816
CERT       TA06-214A
BID        12996
BID        19289
OVAL       oval:org.mitre.oval:def:10242
VUPEN      ADV-2006-3101
OSVDB      15487
OVAL       oval:org.mitre.oval:def:1169
OVAL       oval:org.mitre.oval:def:765
SECUNIA    18100
SECUNIA    21253
SECUNIA    22033