OSVDB ID: 15487 Title: gzip Race Condition Arbitrary File Permission Modification |
Info |
|
|
Dates |
||||
|
|
Description |
gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker has write access to a directory in which a targeted user is using gzip to decompress a file, and will gain the ability to modify the permissions on any file owned by the targeted user. This flaw may lead to a loss of integrity. |
Classification |
Location:
Local Access Required
Attack Type: Race Condition Impact: Loss of Integrity Exploit: Exploit Unknown Disclosure: OSVDB Verified |
Solution |
See vendor-specific advisory for fix information. |
Products |
|
Credit |
|
gmail.com -