CVE Catalog

CVE-1999-1332

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

The gzexe program in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Risk Assessment

An attacker could exploit this vulnerability to modify or delete important files of other users, potentially leading to data loss or system integrity issues.

Recommendation

It is recommended to update the system to a newer version that is not vulnerable to this type of attack and to implement appropriate security measures to restrict the ability to create symlinks.

Original NVD description (English source)

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS