|
|
Family: Debian Local Security Checks --> Category: infos
[DSA752] DSA-752-1 gzip Vulnerability Scan
Vulnerability Scan Summary
DSA-752-1 gzip
Detailed Explanation for this Vulnerability Test
Two problems have been discovered in gzip, the GNU compression
utility. The Common Vulnerabilities and Exposures project identifies
the following problems.
Imran Ghory discovered a race condition in the permissions setting
code in gzip. When decompressing a file in a directory an
attacker has access to, gunzip could be tricked to set the file
permissions to a different file the user has permissions to.
Ulf Härnhammar discovered a path traversal vulnerability in
gunzip. When gunzip is used with the -N option a possible hacker could
use
this vulnerability to create files in an arbitrary directory with
the permissions of the user.
For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.
We recommend that you upgrade your gzip package.
Solution : http://www.debian.org/security/2005/dsa-752
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
