ID

VAR-200307-0024


CVE

CVE-2003-0367


TITLE

gzip include znew Command improper temporary file creation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2003-000187

DESCRIPTION

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. Because of this, a local attacker may be able to launch a symbolic link attack against sensitive files. GNU Gzip is a compression/decompression program of the GNU Project. znew in Gzip packets has an input validation error vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2003-0367 // JVNDB: JVNDB-2003-000187 // BID: 7872 // VULHUB: VHN-7196

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:2.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:3.0

Trust: 1.0

vendor:gnumodel:gzipscope:lteversion:1.3.5

Trust: 1.0

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:6.5

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:turbolinuxmodel:workstationscope:eqversion:6.0

Trust: 0.6

vendor:turbolinuxmodel:workstationscope:eqversion:8.0

Trust: 0.6

vendor:turbolinuxmodel:advanced serverscope:eqversion:6.0

Trust: 0.6

vendor:turbolinuxmodel:serverscope:eqversion:8.0

Trust: 0.6

vendor:turbolinuxmodel:serverscope:eqversion:7.0

Trust: 0.6

vendor:turbolinuxmodel:serverscope:eqversion:6.5

Trust: 0.6

vendor:turbolinuxmodel:serverscope:eqversion:6.1

Trust: 0.6

vendor:turbolinuxmodel:workstationscope:eqversion:7.0

Trust: 0.6

vendor:sgimodel:irixscope:eqversion:6.5.22

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.19

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.19

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.19

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.18

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.18

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.18

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.17

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.17

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.17

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.16

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.16

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.16

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.15

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.15

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.15

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.14

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.14

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.14

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.13

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.13

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.13

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.12

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.12

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.12

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.11

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.11

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.11

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.10

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.10

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.10

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.9

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.9

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.9

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.8

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.8

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.8

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.7

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.7

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.7

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.6

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.6

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.6

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.5

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.5

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.5

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.4

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.4

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.4

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.3

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.3

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.3

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.2

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.2

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.2

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.1

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.520

Trust: 0.3

vendor:sgimodel:irix .19mscope:eqversion:6.5

Trust: 0.3

vendor:sgimodel:irix .19fscope:eqversion:6.5

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5

Trust: 0.3

vendor:gnumodel:gzipscope:eqversion:1.3.5

Trust: 0.3

vendor:gnumodel:gzipscope:eqversion:1.3.3

Trust: 0.3

vendor:gnumodel:gzipscope:eqversion:1.3.2

Trust: 0.3

vendor:gnumodel:gzipscope:eqversion:1.3

Trust: 0.3

vendor:gnumodel:gzip ascope:eqversion:1.2.4

Trust: 0.3

vendor:gnumodel:gzipscope:eqversion:1.2.4

Trust: 0.3

vendor:sgimodel:irixscope:neversion:6.5.23

Trust: 0.3

sources: BID: 7872 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0367
value: LOW

Trust: 1.0

NVD: CVE-2003-0367
value: LOW

Trust: 0.8

CNNVD: CNNVD-200307-013
value: LOW

Trust: 0.6

VULHUB: VHN-7196
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2003-0367
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7196
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7196 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-7196 // NVD: CVE-2003-0367

THREAT TYPE

local

Trust: 0.9

sources: BID: 7872 // CNNVD: CNNVD-200307-013

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200307-013

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000187

PATCH

title:TLSA-2003-38url:http://www.turbolinux.com/security/2003/TLSA-2003-38.txt

Trust: 0.8

title:TLSA-2003-38url:http://www.turbolinux.co.jp/security/2003/TLSA-2003-38j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000187

EXTERNAL IDS

db:BIDid:7872

Trust: 2.8

db:NVDid:CVE-2003-0367

Trust: 2.8

db:JVNDBid:JVNDB-2003-000187

Trust: 0.8

db:CNNVDid:CNNVD-200307-013

Trust: 0.7

db:VULHUBid:VHN-7196

Trust: 0.1

sources: VULHUB: VHN-7196 // BID: 7872 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

REFERENCES

url:http://www.securityfocus.com/bid/7872

Trust: 3.5

url:http://www.openpkg.org/security/openpkg-sa-2003.031-gzip.html

Trust: 2.7

url:http://www.debian.org/security/2003/dsa-308

Trust: 2.7

url:http://www.mandriva.com/security/advisories?name=mdksa-2003:068

Trust: 2.7

url:http://www.turbolinux.com/security/tlsa-2003-38.txt

Trust: 2.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0367

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0367

Trust: 0.8

sources: VULHUB: VHN-7196 // JVNDB: JVNDB-2003-000187 // CNNVD: CNNVD-200307-013 // NVD: CVE-2003-0367

CREDITS

Discovery credited to Paul Szabo.

Trust: 0.9

sources: BID: 7872 // CNNVD: CNNVD-200307-013

SOURCES

db:VULHUBid:VHN-7196
db:BIDid:7872
db:JVNDBid:JVNDB-2003-000187
db:CNNVDid:CNNVD-200307-013
db:NVDid:CVE-2003-0367

LAST UPDATE DATE

2024-11-22T23:06:58.212000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-7196date:2019-05-23T00:00:00
db:BIDid:7872date:2009-07-11T22:06:00
db:JVNDBid:JVNDB-2003-000187date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200307-013date:2019-05-27T00:00:00
db:NVDid:CVE-2003-0367date:2024-11-20T23:44:34.427

SOURCES RELEASE DATE

db:VULHUBid:VHN-7196date:2003-07-02T00:00:00
db:BIDid:7872date:2003-06-11T00:00:00
db:JVNDBid:JVNDB-2003-000187date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200307-013date:2003-07-02T00:00:00
db:NVDid:CVE-2003-0367date:2003-07-02T04:00:00