VDB

ANCHORE-2005-0988

ANCHORE-2005-0988 PUBLISHED

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Affected Products

VendorProductVersions
trustixsecure_linux2.2, 2.1, 2.0
ubuntuubuntu_linux4.1, 4.1, 5.04
redhatenterprise_linux3.0, 3.0, 2.1
turbolinuxturbolinux_appliance_server1.0_hosting, 1.0_workgroup, 1.0_workgroup
turbolinuxturbolinux_server7.0, 10.0, 8.0
turbolinuxturbolinux_desktop10.0, 10.0, 10.0
freebsdfreebsd4.11-releng, 4.11-stable, 5.0
gnugzip1.3.3, 1.2.4, 1.2.4a
turbolinuxturbolinux_workstation7.0, 8.0, 7.0
redhatlinux_advanced_workstation2.1, 2.1, 2.1
redhatenterprise_linux_desktop3.0, 4.0, 4.0

Timeline

  • Apr 6, 2005 CVE Published
  • Aug 7, 2024 CVE Updated
  • Mar 13, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›