gzip: insecure temporary files
| Package(s): | gzip | CVE #(s): | CVE-1999-1332 CAN-2003-0367 | ||||||||||||||||
| Created: | June 9, 2003 | Updated: | June 16, 2003 | ||||||||||||||||
| Description: | Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367).
The gzexe script has a similar vulnerability which was patched in an earlier release but inadvertently reverted. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||