CVE-2005-0988
gzip - several
EPSS 0.11%
Description
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
How to fix CVE-2005-0988
To remediate CVE-2005-0988, upgrade the affected package to a fixed version below.
- Debian/gzip—upgrade to 1.3.5-10 or later
- Debian/gzip—upgrade to 1.3.2-3woody5 or later
Is CVE-2005-0988 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.3.5-10
- from 0, < 1.3.2-3woody5