Описание
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Отчет
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gzip | Not affected | ||
| Red Hat Enterprise Linux 6 | gzip | Not affected | ||
| Red Hat Enterprise Linux 7 | gzip | Not affected | ||
| Red Hat Enterprise Linux 8 | gzip | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1850889gzip: symlink attack on temporary files leads to arbitrary file overwrite
6.2 Medium
CVSS3
Связанные уязвимости
nvd
около 22 лет назад
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
debian
около 22 лет назад
znew in the gzip package allows local users to overwrite arbitrary fil ...
github
больше 3 лет назад
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6.2 Medium
CVSS3