Network Security News – Thursday, August 17, 2006 Events
gzip Race Condition Arbitrary File Permission Modification
gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker has write access to a directory in which a targeted user is using gzip to decompress a file; the attacker gains the ability to modify the permissions on any file owned by the targeted user. This flaw may lead to a loss of integrity. Read more at osvdb.org/15487
Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker attempts to log in multiple times using a nonexistent account, which causes the process to hang and results in a loss of availability for the service. This vulnerability could also be leveraged by an attacker to enumerate valid user accounts, resulting in a loss of confidentiality. Read more at osvdb.org/27745
gzip -N Option Traversal Arbitrary File Write
gzip contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a parsing flaw in the -N option of gzip that may allow an attacker to create an archive that writes to an arbitrary location on the system. This flaw may lead to a loss of integrity. Read more at osvdb.org/15721
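A pre-extraction check for the -N issue above, as an added example that is not part of the original news item and is not gzip's own code: it reads the original-name field that a gzip header can carry (RFC 1952) and rejects names containing a path component before anything is decompressed with -N. The function names and the sample archives are constructed for illustration.

```python
import struct
import zlib

FEXTRA, FNAME = 0x04, 0x08  # header flag bits from RFC 1952

def stored_name(data: bytes):
    """Return the original-name (FNAME) field of the first gzip member, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags, pos = data[3], 10
    if flags & FEXTRA:  # optional extra field precedes the name
        if len(data) < pos + 2:
            raise ValueError("truncated header")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end < 0:
        raise ValueError("unterminated name field")
    return data[pos:end].decode("latin-1")

def is_unsafe_name(name):
    """True if restoring this name could write outside the current directory."""
    if name is None:
        return False
    # Treat backslash as a separator too, to stay conservative.
    parts = name.replace("\\", "/").split("/")
    return len(parts) > 1 or name in ("", ".", "..")

def make_member(name: bytes, payload: bytes) -> bytes:
    """Build a constructed sample gzip member carrying the given stored name."""
    header = b"\x1f\x8b\x08" + bytes([FNAME]) + b"\x00" * 4 + b"\x00\x03"
    deflater = zlib.compressobj(wbits=-15)  # raw deflate body
    body = deflater.compress(payload) + deflater.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload))
    return header + name + b"\x00" + body + trailer

if __name__ == "__main__":
    # Constructed samples, not taken from any real archive.
    for sample in (b"report.txt", b"../../home/user/.profile", b"/tmp/out"):
        name = stored_name(make_member(sample, b"data"))
        print(f"{name!r}: {'REJECT' if is_unsafe_name(name) else 'ok'}")
```

Decompressing without -N, or to standard output with an explicit destination, avoids using the stored name at all.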