CVE-2004-1349
gzip < 1.3 - Improper Privilege Management via Hard Link Permission Change
Title source: llmDescription
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17577
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/635998
Not Applicable vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11318
Not Applicable, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12744
Scores
EPSS
0.0007
EPSS Percentile
21.4%
Details
CWE
CWE-269
Status
published
Products (2)
gnu/gzip
< 1.3
oracle/solaris
8
Published
Oct 04, 2004
Tracked Since
Feb 18, 2026