CVE-2003-0367

znew in gzip - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7872
Patch, Third Party Advisory vendor-advisory x_refsource_turbo
http://www.turbolinux.com/security/TLSA-2003-38.txt
Patch, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-308
Third Party Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
Patch, Vendor Advisory x_refsource_confirm
http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html

Scores

EPSS 0.0014
EPSS Percentile 33.7%

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 2.2
debian/debian_linux 3.0
gnu/gzip < 1.3.5
Published Jul 02, 2003
Tracked Since Feb 18, 2026