ID CVE-2004-1349
Summary gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 2.1 (as of 21-06-2005 - 10:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
oval via4
accepted 2005-06-01T03:30:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
family unix
id oval:org.mitre.oval:def:1654
status accepted
submitted 2005-04-13T12:00:00.000-04:00
title gzip -force File Permission Alteration Vulnerability
version 31
refmap via4
bid 11318
cert-vn VU#635998
secunia 12744
sunalert 57600
xf solaris-gzip-modify-privileges(17577)
Last major update 10-09-2008 - 15:29
Published 04-10-2004 - 00:00
Last modified 30-10-2018 - 12:25
Back to Top