CVE Vulnerabilities

CVE-2003-0844

Published: Nov 17, 2003 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the Strengthen default permissions of internal system objects policy is not enabled.

Affected Software

Name Vendor Start Version End Version
Mod_gzip Dag_apt_repository * 1.3.26.1a

References