Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA752] DSA-752-1 gzip


Vulnerability Assessment Details

[DSA752] DSA-752-1 gzip

Vulnerability Assessment Summary
DSA-752-1 gzip

Detailed Explanation for this Vulnerability Assessment

Two problems have been discovered in gzip, the GNU compression
utility. The Common Vulnerabilities and Exposures project identifies
the following problems.
Imran Ghory discovered a race condition in the permissions setting
code in gzip. When decompressing a file in a directory an
attacker has access to, gunzip could be tricked to set the file
permissions to a different file the user has permissions to.
Ulf Härnhammar discovered a path traversal vulnerability in
gunzip. When gunzip is used with the -N option a possible hacker could
use
this vulnerability to create files in an arbitrary directory with
the permissions of the user.
For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.
We recommend that you upgrade your gzip package.


Solution : http://www.debian.org/security/2005/dsa-752
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi

Cables, Connectors

MSI - GT Titan 17.3" Laptop - Intel Core i7 - 64GB Memory - NVIDIA GeForce GT...
$3299.99
MSI - GT Titan 17.3PNY 8GB 2x4GB Cual Channel PC Memory Kit DDR3 PC3-14900
$60.0
PNY 8GB 2x4GB Cual Channel PC Memory Kit DDR3 PC3-14900  picturePNY 1 GB DIMM 400 MHz DDR Memory (MD1024SD1400)
$10.65
PNY 1 GB DIMM 400 MHz DDR Memory (MD1024SD1400) pictureHynix 8GB 1Rx8 PC4-2400 UnBfrd (HMA81GU7AFR8N-UH)
$149.0
Hynix 8GB 1Rx8 PC4-2400 UnBfrd (HMA81GU7AFR8N-UH) picture


Discussions

No Discussions have been posted on this vulnerability.