CVE-2005-0988

NONE EPSS 46.8%
Published May 2, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 2, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Threat Intelligence

EPSS Exploit Probability
46.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 104

VendorProductVersionRange
gnugzip1.2.4any
gnugzip1.2.4aany
gnugzip1.3.3any
freebsdfreebsd4.0any
freebsdfreebsd4.0any
freebsdfreebsd4.0any
freebsdfreebsd4.1any
freebsdfreebsd4.1.1any
freebsdfreebsd4.1.1any
freebsdfreebsd4.1.1any
freebsdfreebsd4.2any
freebsdfreebsd4.2any
freebsdfreebsd4.3any
freebsdfreebsd4.3any
freebsdfreebsd4.3any
freebsdfreebsd4.3any
freebsdfreebsd4.3any
freebsdfreebsd4.4any
freebsdfreebsd4.4any
freebsdfreebsd4.4any
freebsdfreebsd4.4any
freebsdfreebsd4.5any
freebsdfreebsd4.5any
freebsdfreebsd4.5any
freebsdfreebsd4.5any
freebsdfreebsd4.5any
freebsdfreebsd4.6any
freebsdfreebsd4.6any
freebsdfreebsd4.6any
freebsdfreebsd4.6any
freebsdfreebsd4.6any
freebsdfreebsd4.6.2any
freebsdfreebsd4.7any
freebsdfreebsd4.7any
freebsdfreebsd4.7any
freebsdfreebsd4.7any
freebsdfreebsd4.7any
freebsdfreebsd4.8any
freebsdfreebsd4.8any
freebsdfreebsd4.8any
freebsdfreebsd4.8any
freebsdfreebsd4.9any
freebsdfreebsd4.9any
freebsdfreebsd4.9any
freebsdfreebsd4.10any
freebsdfreebsd4.10any
freebsdfreebsd4.10any
freebsdfreebsd4.10any
freebsdfreebsd4.11any
freebsdfreebsd4.11any
freebsdfreebsd4.11any
freebsdfreebsd5.0any
freebsdfreebsd5.0any
freebsdfreebsd5.0any
freebsdfreebsd5.0any
freebsdfreebsd5.1any
freebsdfreebsd5.1any
freebsdfreebsd5.1any
freebsdfreebsd5.1any
freebsdfreebsd5.1any
freebsdfreebsd5.2any
freebsdfreebsd5.2.1any
freebsdfreebsd5.2.1any
freebsdfreebsd5.3any
freebsdfreebsd5.3any
freebsdfreebsd5.3any
freebsdfreebsd5.3any
freebsdfreebsd5.4any
freebsdfreebsd5.4any
freebsdfreebsd5.4any
gentoolinux*any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux3.0any
redhatenterprise_linux3.0any
redhatenterprise_linux3.0any
redhatenterprise_linux4.0any
redhatenterprise_linux4.0any
redhatenterprise_linux4.0any
redhatenterprise_linux_desktop3.0any
redhatenterprise_linux_desktop4.0any
redhatlinux_advanced_workstation2.1any
redhatlinux_advanced_workstation2.1any
trustixsecure_linux2.0any
trustixsecure_linux2.1any
trustixsecure_linux2.2any
turbolinuxturbolinux_appliance_server1.0_hostingany
turbolinuxturbolinux_appliance_server1.0_workgroupany
turbolinuxturbolinux_desktop10.0any
turbolinuxturbolinux_home*any
turbolinuxturbolinux_server7.0any
turbolinuxturbolinux_server8.0any
turbolinuxturbolinux_server10.0any
turbolinuxturbolinux_workstation7.0any
turbolinuxturbolinux_workstation8.0any
ubuntuubuntu_linux4.1any
ubuntuubuntu_linux4.1any
ubuntuubuntu_linux5.04any
ubuntuubuntu_linux5.04any
ubuntuubuntu_linux5.04any

References 18

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
  • lists.apple.com http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2005-357.html
  • secunia.com http://secunia.com/advisories/18100
  • secunia.com http://secunia.com/advisories/21253
  • secunia.com http://secunia.com/advisories/22033
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
  • debian.org http://www.debian.org/security/2005/dsa-752
  • osvdb.org http://www.osvdb.org/15487
  • securityfocus.com http://www.securityfocus.com/archive/1/394965
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/12996
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/19289
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA06-214A.html
    US Government Resource
  • vupen.com http://www.vupen.com/english/advisories/2006/3101
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765

Remediation