Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0988 Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
local
high complexity
gnu freebsd gentoo redhat trustix turbolinux ubuntu
3.7
2005-05-02 CVE-2005-0202 Unspecified vulnerability in GNU Mailman
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
network
low complexity
gnu
5.0
2005-05-02 CVE-2005-0080 Remote Security vulnerability in Ubuntu Linux
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
network
low complexity
gnu ubuntu
5.0
2005-04-27 CVE-2004-1488 Remote vulnerability in GNU WGet
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
network
low complexity
gnu
5.0
2005-04-27 CVE-2004-1487 Remote vulnerability in GNU WGet
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
network
low complexity
gnu
5.0
2005-02-09 CVE-2004-0970 Insecure Temporary File Creation vulnerability in GNU Gzip 1.2.4A
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files.
local
low complexity
gnu
2.1
2005-02-09 CVE-2004-0969 The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
local
low complexity
gnu gentoo ubuntu
2.1
2005-02-09 CVE-2004-0968 The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
local
low complexity
gnu redhat
2.1
2005-02-09 CVE-2004-0966 Insecure Temporary File Creation vulnerability in GNU GetText
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
local
low complexity
gnu ubuntu
2.1
2005-02-07 CVE-2005-0100 Remote Format String vulnerability in GNU Emacs and Xemacs
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
network
low complexity
gnu
7.5