Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA752] DSA-752-1 gzip


Vulnerability Assessment Details

[DSA752] DSA-752-1 gzip

Vulnerability Assessment Summary
DSA-752-1 gzip

Detailed Explanation for this Vulnerability Assessment

Two problems have been discovered in gzip, the GNU compression
utility. The Common Vulnerabilities and Exposures project identifies
the following problems.
Imran Ghory discovered a race condition in the permissions setting
code in gzip. When decompressing a file in a directory an
attacker has access to, gunzip could be tricked to set the file
permissions to a different file the user has permissions to.
Ulf Härnhammar discovered a path traversal vulnerability in
gunzip. When gunzip is used with the -N option a possible hacker could
use
this vulnerability to create files in an arbitrary directory with
the permissions of the user.
For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.
We recommend that you upgrade your gzip package.


Solution : http://www.debian.org/security/2005/dsa-752
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi

Cables, Connectors

Vintage Apple Macintosh M7803 Pro Keyboard Black/Clear
$7.99
Vintage Apple Macintosh M7803 Pro Keyboard Black/Clear  pictureVintage Toshiba T3100e/40 PC MS-DOS 286 Laptop CF
$186.0
Vintage Toshiba T3100e/40 PC MS-DOS 286 Laptop CF pictureVintage/Original Apollo 15 (XV) Recovery USS Okinawa Patch NASA GRAY Helicopter
$179.0
Vintage/Original Apollo 15 (XV) Recovery USS Okinawa Patch NASA GRAY Helicopter pictureIntel D8086-2 VINTAGE COLLECTIBLE CPU
$6.5
Intel D8086-2 VINTAGE COLLECTIBLE CPU picture


Discussions

No Discussions have been posted on this vulnerability.