Vulnerability Details : CVE-2004-1349

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

Published 2004-10-04 04:00:00

Updated 2023-03-24 18:12:47

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-1349

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1349

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2004-1349

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: [email protected] (Primary)

References for CVE-2004-1349

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1654

Not Applicable
http://www.securityfocus.com/bid/11318

Broken Link;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17577

Third Party Advisory;VDB Entry
http://www.kb.cert.org/vuls/id/635998

Third Party Advisory;US Government Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57600-1&searchclause=security

Broken Link;Patch;Vendor Advisory

Products affected by CVE-2004-1349

GNU » Gzip
Versions before (<) 1.3
cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*
Matching versions
Oracle » Solaris » Version: 8
cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
Matching versions