retitle 303927 CAN-2005-0988 gzip: file permissions modification race
tags 303927 + patch
thanks
This is the patch from Ubuntu package 1.3.5-9ubuntu3.1. I found it at
URL:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz
This bug is also listed in RedHat
Package: gzip
Version: 1.3.5-9
Severity: normal
Tags: security
See-also: #303300
According to http://www.securityfocus.com/archive/1/394965:
If a malicious local user has write access to a directory in which a
target user is using gzip to extract or compress a file to then a
TOCTOU bug can
2 matches
Mail list logo