Vulnerabilities > CVE-2005-2991 - Local Security vulnerability in ncompress

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

ncompress

NVD

Published: 2005-09-20

Updated: 2016-10-18

Summary

ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.

Vulnerable Configurations

Part	Description	Count
Application	Ncompress Ncompress Ncompress *	1

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

References

http://marc.info/?l=bugtraq&m=112689772732098&w=2
http://marc.info/?l=full-disclosure&m=112688098630314&w=2
http://securityreason.com/securityalert/12
http://www.zataz.net/adviso/ncompress-09052005.txt