Details of VAR-200307-0024

ID

VAR-200307-0024

CVE

CVE-2003-0367

TITLE

gzip include znew Command improper temporary file creation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2003-000187

DESCRIPTION

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. Because of this, a local attacker may be able to launch a symbolic link attack against sensitive files. GNU Gzip is a compression/decompression program of the GNU Project. znew in Gzip packets has an input validation error vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2003-0367 // JVNDB: JVNDB-2003-000187 // BID: 7872 // VULHUB: VHN-7196

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	2.2	Trust: 1.0
vendor:	gnu	model:	gzip	scope:	lte	version:	1.3.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	3.0	Trust: 1.0
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	6.5	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	7	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	turbolinux	model:	workstation	scope:	eq	version:	6.0	Trust: 0.6
vendor:	turbolinux	model:	workstation	scope:	eq	version:	8.0	Trust: 0.6
vendor:	turbolinux	model:	advanced server	scope:	eq	version:	6.0	Trust: 0.6
vendor:	turbolinux	model:	server	scope:	eq	version:	8.0	Trust: 0.6
vendor:	turbolinux	model:	server	scope:	eq	version:	7.0	Trust: 0.6
vendor:	turbolinux	model:	server	scope:	eq	version:	6.5	Trust: 0.6
vendor:	turbolinux	model:	server	scope:	eq	version:	6.1	Trust: 0.6
vendor:	turbolinux	model:	workstation	scope:	eq	version:	7.0	Trust: 0.6
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.22	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.18	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.18	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.18	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.17	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.17	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.17	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.16	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.16	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.16	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.15	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.15	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.15	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.14	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.14	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.14	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.13	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.13	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.13	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.12	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.12	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.12	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.11	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.11	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.11	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.10	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.10	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.10	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.9	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.9	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.9	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.8	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.8	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.8	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.7	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.7	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.7	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.520	Trust: 0.3
vendor:	sgi	model:	irix .19m	scope:	eq	version:	6.5	Trust: 0.3
vendor:	sgi	model:	irix .19f	scope:	eq	version:	6.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5	Trust: 0.3
vendor:	gnu	model:	gzip	scope:	eq	version:	1.3.5	Trust: 0.3
vendor:	gnu	model:	gzip	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	gnu	model:	gzip	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	gnu	model:	gzip	scope:	eq	version:	1.3	Trust: 0.3
vendor:	gnu	model:	gzip a	scope:	eq	version:	1.2.4	Trust: 0.3
vendor:	gnu	model:	gzip	scope:	eq	version:	1.2.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	ne	version:	6.5.23	Trust: 0.3

sources: BID: 7872 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0367
value:	LOW
Trust: 1.0
NVD:	CVE-2003-0367
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200307-013
value:	LOW
Trust: 0.6
VULHUB:	VHN-7196
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2003-0367
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-7196
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7196 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-7196 // NVD: CVE-2003-0367

THREAT TYPE

local

Trust: 0.9

sources: BID: 7872 // CNNVD: CNNVD-200307-013

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200307-013

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000187

PATCH

title:	TLSA-2003-38	url:	http://www.turbolinux.com/security/2003/TLSA-2003-38.txt	Trust: 0.8
title:	TLSA-2003-38	url:	http://www.turbolinux.co.jp/security/2003/TLSA-2003-38j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2003-000187

EXTERNAL IDS

db:	BID	id:	7872	Trust: 2.8
db:	NVD	id:	CVE-2003-0367	Trust: 2.8
db:	JVNDB	id:	JVNDB-2003-000187	Trust: 0.8
db:	CNNVD	id:	CNNVD-200307-013	Trust: 0.7
db:	VULHUB	id:	VHN-7196	Trust: 0.1

sources: VULHUB: VHN-7196 // BID: 7872 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

REFERENCES

url:	http://www.securityfocus.com/bid/7872	Trust: 2.5
url:	http://www.openpkg.org/security/openpkg-sa-2003.031-gzip.html	Trust: 1.7
url:	http://www.debian.org/security/2003/dsa-308	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2003:068	Trust: 1.7
url:	http://www.turbolinux.com/security/tlsa-2003-38.txt	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0367	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0367	Trust: 0.8

sources: VULHUB: VHN-7196 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

CREDITS

Discovery credited to Paul Szabo.

Trust: 0.9

sources: BID: 7872 // CNNVD: CNNVD-200307-013

SOURCES

db:	VULHUB	id:	VHN-7196
db:	BID	id:	7872
db:	JVNDB	id:	JVNDB-2003-000187
db:	CNNVD	id:	CNNVD-200307-013
db:	NVD	id:	CVE-2003-0367

LAST UPDATE DATE

2024-08-14T14:48:13.066000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7196	date:	2019-05-23T00:00:00
db:	BID	id:	7872	date:	2009-07-11T22:06:00
db:	JVNDB	id:	JVNDB-2003-000187	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200307-013	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2003-0367	date:	2019-05-23T14:04:52.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7196	date:	2003-07-02T00:00:00
db:	BID	id:	7872	date:	2003-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2003-000187	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200307-013	date:	2003-07-02T00:00:00
db:	NVD	id:	CVE-2003-0367	date:	2003-07-02T04:00:00