| Vulnerability Name: | CVE-1999-1332 (CCN-7241) | ||||||||
| Assigned: | 1998-01-28 | ||||||||
| Published: | 1998-01-28 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CCN Type: Caldera International, Inc. Security Advisory SA-1998.04 Caldera Security Advisory SA-1998.04: Vulnerabilities using gzexe Source: CCN Type: BugTraq Mailing List, Wed, 28 Jan 1998 21:41:53 +0100 GZEXE - the big problem Source: MITRE Type: CNA CVE-1999-1332 Source: BUGTRAQ Type: UNKNOWN 19980128 GZEXE - the big problem Source: DEBIAN Type: UNKNOWN DSA-308 Source: DEBIAN Type: DSA-308 gzip -- insecure temporary files Source: XF Type: UNKNOWN gzip-gzexe-tmp-symlink(7241) Source: CCN Type: Gentoo Linux Security Announcement 200306-05 gzip Source: OSVDB Type: UNKNOWN 3812 Source: CCN Type: OSVDB ID: 3812 gzip gzexe Insecure Temp File Creation Source: CCN Type: OSVDB ID: 60297 gzip gzexe Temp File Failure Argument Handling Arbitrary Command Execution Source: CCN Type: Red Hat Linux 5.0 General Errata gzip Source: CONFIRM Type: UNKNOWN http://www.redhat.com/support/errata/rh50-errata-general.html#gzip Source: BID Type: UNKNOWN 7845 Source: CCN Type: BID-7845 GNU gzexe Temporary File Vulnerability Source: XF Type: UNKNOWN gzip-gzexe-tmp-symlink(7241) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||