Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA752] DSA-752-1 gzip


Vulnerability Assessment Details

[DSA752] DSA-752-1 gzip

Vulnerability Assessment Summary
DSA-752-1 gzip

Detailed Explanation for this Vulnerability Assessment

Two problems have been discovered in gzip, the GNU compression
utility. The Common Vulnerabilities and Exposures project identifies
the following problems.
Imran Ghory discovered a race condition in the permissions setting
code in gzip. When decompressing a file in a directory an
attacker has access to, gunzip could be tricked to set the file
permissions to a different file the user has permissions to.
Ulf Härnhammar discovered a path traversal vulnerability in
gunzip. When gunzip is used with the -N option a possible hacker could
use
this vulnerability to create files in an arbitrary directory with
the permissions of the user.
For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.
We recommend that you upgrade your gzip package.


Solution : http://www.debian.org/security/2005/dsa-752
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi

Cables, Connectors

Dell R720xd 12-Core Server 2x E5-2620 v2 2.1GHz 256GB 24x 1TB 24 Bay H710P 2.5in
$5197.0
Dell R720xd 12-Core Server 2x E5-2620 v2 2.1GHz 256GB 24x 1TB 24 Bay H710P 2.5in pictureDell R720xd 12-Core Server 2x E5-2620 v2 2.1GHz 64GB 12x 1TB 3.5in Rails RPS
$1630.0
Dell R720xd 12-Core Server 2x E5-2620 v2 2.1GHz 64GB 12x 1TB 3.5in Rails RPS pictureDell R720xd 24-Core Server 2x E5-2697 v2 2.7GHz 64GB 24x 1TB 24 Bay H710P 2.5in
$5567.0
Dell R720xd 24-Core Server 2x E5-2697 v2 2.7GHz 64GB 24x 1TB 24 Bay H710P 2.5in pictureHP 8200 ELITE SFF 6GB RAM 1 TB HDD INTEL CORE I7-2600@3.40GHz WINDOWS 7 PRO
$185.0
HP 8200 ELITE SFF 6GB RAM 1 TB HDD INTEL CORE I7-2600@3.40GHz WINDOWS 7 PRO picture


Discussions

No Discussions have been posted on this vulnerability.