Mandrake Linux Security Advisory : gzip (MDKSA-2004:142)

low Nessus Plugin ID 15915

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack.

A similar problem, found in znew, was fixed last year (CVE-2003-0367). At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script.

Solution

Update the affected gzip package.

Plugin Details

Severity: Low

ID: 15915

File Name: mandrake_MDKSA-2004-142.nasl

Version: 1.19

Type: local

Published: 12/7/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gzip, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/6/2004

Reference Information

CVE: CVE-2004-0970

MDKSA: 2004:142