CVE-2004-0970 - Brickle Swallows
Description
The (1) gzexe (2) zdiff and (3) znew scripts in the gzip package as used by other packages such as ncompress allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
Reference
http://www.securityfocus.com/bid/11288 http://www.debian.org/security/2004/dsa-588 http://www.trustix.org/errata/2004/0050 http://www.zataz.net/adviso/ncompress-09052005.txt http://secunia.com/advisories/13131 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583