#########################################################

ncompress insecure temporary file creation

Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low

#########################################################

The vulnerability is caused by a temporary file being created
insecurely. This can be exploited via symlink attacks in combination
with a race condition to create and overwrite arbitrary files with the
privileges of the user running the affected script.

##########
Versions:
##########

ncompress <= 4.2.4-r1

##########
Solution:
##########

Use the gzip zdiff and zcmp

#########
Timeline:
#########

Vendor notified : 2005-09-05

#####################
Technical details :
#####################

ncompress uses a vulnerable version of zdiff and zcmp.

#########
Related :
#########

Secunia : http://secunia.com/advisories/13131/
CVE : CAN-2004-0970
doesn't affect us, marking INVALID.
public, opening.
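
The bug class the advisory describes, shown as an added example that is not code from ncompress, gzip or this report: a shell script writing to a temporary file through a pre-existing symlink, next to two hardened forms. The file name pattern `zdiff.$$`, the function names and the sandbox layout are assumptions made for illustration; the page does not show the affected scripts' code.

```shell
#!/bin/sh
# Added illustration; names and paths are constructed, not taken from zdiff/zcmp.

# Unsafe pattern (assumed): predictable name plus plain redirection. The
# shell opens the path with O_CREAT|O_TRUNC and follows an existing symlink.
write_predictable() {            # $1 = directory, $2 = data
    tmp="$1/zdiff.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing link is never opened.
write_mktemp() {
    tmp=$(mktemp "$1/zdiff.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Fallback without mktemp: noclobber (set -C) makes ">" refuse any path
# that already exists, including a symlink, instead of truncating it.
write_noclobber() {
    tmp="$1/zdiff.$$"
    ( set -C; printf '%s\n' "$2" > "$tmp" ) 2>/dev/null
}

# Runs all three against a private sandbox holding a pre-existing symlink.
# Prints: <victim after predictable> <after mktemp> <noclobber result> <victim>
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/zdiff.$$"   # link already sitting at the name
    write_predictable "$box" clobbered
    r1=$(cat "$box/victim")
    printf 'original\n' > "$box/victim"
    write_mktemp "$box" clobbered
    r2=$(cat "$box/victim")
    if write_noclobber "$box" clobbered; then r3=written; else r3=refused; fi
    r4=$(cat "$box/victim")
    rm -rf "$box"
    echo "$r1 $r2 $r3 $r4"
}

demo
```

Only the predictable-name write changes the file behind the link; the mktemp and noclobber variants leave it untouched.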