Home > Vulnerability Database > CVE-2004-0970

Mend.io Vulnerability Database

CVE-2004-0970

Date: October 19, 2004

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

Severity Score

4.0

Related Resources (9)

Url: http://www.zataz.net/adviso/ncompress-09052005.txt

Url: http://www.securityfocus.com/bid/11288

Url: http://www.trustix.org/errata/2004/0050

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Url: http://secunia.com/advisories/13131

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-0970

Url: http://www.debian.org/security/2004/dsa-588

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0970

Url: https://www.mend.io/vulnerability-database/CVE-2004-0970

Severity Score

4.0

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2004-0970

Date: October 19, 2004

Severity Score

Related Resources (9)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?