Vulnerability Bulletins

int(1129)

Vulnerability Bulletins

Vulnerabilidad de enlace simbólico en gzip
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Integridad
Dificulty	Experto
Required attacker level	Acceso fisico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	gzip 1.2.4 a
Description
Existe una vulnerabilidad en la creación de ficheros temporales de los scripts de la aplicación gzip que podría permitir a usuarios locales sobreescribir archivos mediante un ataque de enlace simbólico.
Solution
Actualización de software Debian Linux Debian Linux 3.0 Source: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3.dsc http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3.diff.gz http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2.orig.tar.gz Arquitectura Alpha: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_alpha.deb Arquitectura ARM: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_arm.deb Arquitectura Intel IA-32: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_i386.deb Arquitectura Intel IA-64: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_ia64.deb Arquitectura HP Precision: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_hppa.deb Arquitectura Motorola 680x0: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_m68k.deb Arquitectura Big endian MIPS: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_mips.deb Arquitectura Little endian MIPS: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_mipsel.deb Arquitectura PowerPC: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_powerpc.deb Arquitectura IBM S/390: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_s390.deb Arquitectura Sun Sparc: http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_sparc.deb Mandrake Linux Mandrake Linux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/gzip-1.2.4a-13.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/gzip-1.2.4a-13.1.92mdk.src.rpm Mandrake Linux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/gzip-1.2.4a-13.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/gzip-1.2.4a-13.1.92mdk.src.rpm Mandrake Lnux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/gzip-1.2.4a-13.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/gzip-1.2.4a-13.1.100mdk.src.rpm Mandrake Linux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/gzip-1.2.4a-13.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/gzip-1.2.4a-13.1.100mdk.src.rpm Mandrake Linux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gzip-1.2.4a-13.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/gzip-1.2.4a-13.1.101mdk.src.rpm Mandrake Linux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gzip-1.2.4a-13.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/gzip-1.2.4a-13.1.101mdk.src.rpm Multi Network Firewall 8.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/gzip-1.2.4a-11.3.M82mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/gzip-1.2.4a-11.3.M82mdk.src.rpm Corporate Server 2.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/gzip-1.2.4a-11.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/gzip-1.2.4a-11.3.C21mdk.src.rpm Corporate Server 2.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.3.C21mdk.src.rpm
Standar resources
Property	Value
CVE	CAN-2004-0970
BID
Other resources
Debian Security Advisory DSA 588-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00197.html Linux Mandrake security advisory (MDKSA-2004:142) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:142

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-11-08
1.1	Aviso emitido por Mandrake Linux (MDKSA-2004:142)	2004-12-07

Vulnerability Bulletins

Vulnerabilidad de enlace simbólico en gzip

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history