CVE-2004-0970

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2004-0970

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2004-0970.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2004-0970

Downstream

DEBIAN-CVE-2004-0970

DSA-588-1

Published

2005-02-09T05:00:00Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

References

http://secunia.com/advisories/13131
http://www.debian.org/security/2004/dsa-588
http://www.securityfocus.com/bid/11288
http://www.trustix.org/errata/2004/0050
http://www.zataz.net/adviso/ncompress-09052005.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

CVE-2004-0970

Affected packages