CVE-2004-0970 Information

Description

The (1) gzexe (2) zdiff and (3) znew scripts in the gzip package as used by other packages such as ncompress allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

Reference

http://secunia.com/advisories/13131 http://www.debian.org/security/2004/dsa-588 http://www.securityfocus.com/bid/11288 http://www.trustix.org/errata/2004/0050 http://www.zataz.net/adviso/ncompress-09052005.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/17583