VDB
ANCHORE-2005-0988
ANCHORE-2005-0988
PUBLISHED
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| trustix | secure_linux | 2.2, 2.1, 2.0 |
| ubuntu | ubuntu_linux | 4.1, 4.1, 5.04 |
| redhat | enterprise_linux | 3.0, 3.0, 2.1 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting, 1.0_workgroup, 1.0_workgroup |
| turbolinux | turbolinux_server | 7.0, 10.0, 8.0 |
| turbolinux | turbolinux_desktop | 10.0, 10.0, 10.0 |
| freebsd | freebsd | 4.11-releng, 4.11-stable, 5.0 |
| gnu | gzip | 1.3.3, 1.2.4, 1.2.4a |
| turbolinux | turbolinux_workstation | 7.0, 8.0, 7.0 |
| redhat | linux_advanced_workstation | 2.1, 2.1, 2.1 |
| redhat | enterprise_linux_desktop | 3.0, 4.0, 4.0 |
Timeline
- Apr 6, 2005 CVE Published
- Aug 7, 2024 CVE Updated
- Mar 13, 2026 Distribution Patch
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt url
- http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html url
- http://rhn.redhat.com/errata/RHSA-2005-357.html url
- http://secunia.com/advisories/18100 url
- http://secunia.com/advisories/21253 url
- http://secunia.com/advisories/22033 url
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 url
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 url
- http://www.debian.org/security/2005/dsa-752 url
- http://www.osvdb.org/15487 url
- http://www.securityfocus.com/archive/1/394965 url
- http://www.securityfocus.com/bid/12996 url
- http://www.securityfocus.com/bid/19289 url
- http://www.us-cert.gov/cas/techalerts/TA06-214A.html url
- http://www.vupen.com/english/advisories/2006/3101 url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242 url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169 url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765 url