CVE-2004-0603 - gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails inst

CVE-2004-0603

Summary

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

References

Vulnerable Configurations

cpe:2.3:a:gnu:gzip:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.2.4a:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	10603
confirm	http://bugs.gentoo.org/show_bug.cgi?id=54890
gentoo	GLSA-200406-18
xf	gzip-gzexe-tmpfile(16506)

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

11-07-2017 - 01:30

Published

06-12-2004 - 05:00

Last modified

11-07-2017 - 01:30