GNU gzexe暂时文件漏洞

漏洞信息详情

GNU gzexe暂时文件漏洞

• CNNVD编号：CNNVD-199912-114
• 危害等级： 低危
  
  
• CVE编号：
  CVE-1999-1332
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  1999-12-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  redhat
• 漏洞来源：
  Discovered by Paul…

Red Hat Linux 5.0 及之前版本中的压缩包存在gzexe暂时文件漏洞。本地用户可以通过向暂时文件的符号连接攻击来重写其他用户的文件。

Debian has issued upgrades that will eliminate the vulnerability in Debian packages. See DSA-308-1 (in the reference section) for URLs.
SGI has released advisory 20040104-01-P to address this issue.
Patch 5424 will be released for IRIX versions later than 6.5.17.
Users should upgrade to one of these versions and then apply the
patch when it is available. Further details can be found in the
attached advisory.
GNU gzip 1.2.4

• Debian gzip_1.2.4-33.2_alpha.debAlpha
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_al
  pha.deb
• Debian gzip_1.2.4-33.2_arm.debARM
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_ar
  m.deb
• Debian gzip_1.2.4-33.2_i386.debIA-32
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_i3
  86.deb
• Debian gzip_1.2.4-33.2_m68k.debMotorola 680×0
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_m6
  8k.deb
• Debian gzip_1.2.4-33.2_powerpc.debPowerPC
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_po
  werpc.deb
• Debian gzip_1.2.4-33.2_sparc.debSun Sparc
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_sp
  arc.deb

GNU gzip 1.3.2

• Debian gzip_1.3.2-3woody1_alpha.debAlpha
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _alpha.deb
• Debian gzip_1.3.2-3woody1_arm.debARM
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _arm.deb
• Debian gzip_1.3.2-3woody1_hppa.debHP
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _hppa.deb
• Debian gzip_1.3.2-3woody1_i386.debIA-32
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _i386.deb
• Debian gzip_1.3.2-3woody1_ia64.debIA-64
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _ia64.deb
• Debian gzip_1.3.2-3woody1_m68k.debMotorola 680×0
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _m68k.deb
• Debian gzip_1.3.2-3woody1_mips.debBig endian MIPS
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _mips.deb
• Debian gzip_1.3.2-3woody1_mipsel.debLittle endian MIPS
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _mipsel.deb
• Debian gzip_1.3.2-3woody1_powerpc.debPowerPC
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _powerpc.deb
• Debian gzip_1.3.2-3woody1_s390.debIBM S/390
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _s390.deb
• Debian gzip_1.3.2-3woody1_sparc.debSun Sparc
  
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1
  _sparc.deb

来源: www.redhat.com
链接:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip

来源: BUGTRAQ
名称: 19980128 GZEXE – the big problem
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2

来源: BID
名称: 7845
链接:http://www.securityfocus.com/bid/7845

来源: OSVDB
名称: 3812
链接:http://www.osvdb.org/3812

来源: XF
名称: gzip-gzexe-tmp-symlink(7241)
链接:http://www.iss.net/security_center/static/7241.php

来源: DEBIAN
名称: DSA-308
链接:http://www.debian.org/security/2003/dsa-308