Vulnerability Details CVE-2003-0367
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.6%
CVSS Severity
CVSS v2 Score 2.1
References
- http://www.debian.org/security/2003/dsa-308
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
- http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
- http://www.securityfocus.com/bid/7872
- http://www.turbolinux.com/security/TLSA-2003-38.txt
- http://www.debian.org/security/2003/dsa-308
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
- http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
- http://www.securityfocus.com/bid/7872
- http://www.turbolinux.com/security/TLSA-2003-38.txt
Products affected by CVE-2003-0367
-
cpe:2.3:a:gnu:gzip:-
-
cpe:2.3:a:gnu:gzip:1.2.4
-
cpe:2.3:a:gnu:gzip:1.2.4a
-
cpe:2.3:a:gnu:gzip:1.3
-
cpe:2.3:a:gnu:gzip:1.3.3
-
cpe:2.3:a:gnu:gzip:1.3.4
-
cpe:2.3:a:gnu:gzip:1.3.5
-
cpe:2.3:o:debian:debian_linux:2.2
-
cpe:2.3:o:debian:debian_linux:3.0