CVE-2004-1349

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/12744	Not Applicable Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security	Broken Link Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/635998	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/11318	Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17577	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654	Not Applicable

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gzip::::::::
	cpe:2.3:o:oracle:solaris:8:::::::*

History

No history.

Information

Published : 2004-10-04 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-1349

Mitre link : CVE-2004-1349

CVE.ORG link : CVE-2004-1349

JSON object : View

Products Affected

oracle

solaris

gnu

gzip

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2004-1349", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-10-04T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/12744", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/635998", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11318", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17577", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files."}], "lastModified": "2023-03-24T18:12:47.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6693B6AA-575B-4338-B9D4-B17C5FACB88C", "versionEndExcluding": "1.3"}, {"criteria": "cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "722A52CF-4C6E-44D3-90C4-D2F72A40EF58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}