3.7
CWE
NVD-CWE-Other 362
Advisory Published
Updated

CVE-2005-0988: Race Condition

First published: Wed Apr 06 2005(Updated: )

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
GNU gzip=1.2.4
GNU gzip=1.2.4a
GNU gzip=1.3.3
FreeBSD FreeBSD=4.0
FreeBSD FreeBSD=4.0-alpha
FreeBSD FreeBSD=4.0-releng
FreeBSD FreeBSD=4.1
FreeBSD FreeBSD=4.1.1
FreeBSD FreeBSD=4.1.1-release
FreeBSD FreeBSD=4.1.1-stable
FreeBSD FreeBSD=4.2
FreeBSD FreeBSD=4.2-stable
FreeBSD FreeBSD=4.3
FreeBSD FreeBSD=4.3-release
FreeBSD FreeBSD=4.3-release_p38
FreeBSD FreeBSD=4.3-releng
FreeBSD FreeBSD=4.3-stable
FreeBSD FreeBSD=4.4
FreeBSD FreeBSD=4.4-release_p42
FreeBSD FreeBSD=4.4-releng
FreeBSD FreeBSD=4.4-stable
FreeBSD FreeBSD=4.5
FreeBSD FreeBSD=4.5-release
FreeBSD FreeBSD=4.5-release_p32
FreeBSD FreeBSD=4.5-releng
FreeBSD FreeBSD=4.5-stable
FreeBSD FreeBSD=4.6
FreeBSD FreeBSD=4.6-release
FreeBSD FreeBSD=4.6-release_p20
FreeBSD FreeBSD=4.6-releng
FreeBSD FreeBSD=4.6-stable
FreeBSD FreeBSD=4.6.2
FreeBSD FreeBSD=4.7
FreeBSD FreeBSD=4.7-release
FreeBSD FreeBSD=4.7-release_p17
FreeBSD FreeBSD=4.7-releng
FreeBSD FreeBSD=4.7-stable
FreeBSD FreeBSD=4.8
FreeBSD FreeBSD=4.8-pre-release
FreeBSD FreeBSD=4.8-release_p6
FreeBSD FreeBSD=4.8-releng
FreeBSD FreeBSD=4.9
FreeBSD FreeBSD=4.9-pre-release
FreeBSD FreeBSD=4.9-releng
FreeBSD FreeBSD=4.10
FreeBSD FreeBSD=4.10-release
FreeBSD FreeBSD=4.10-release_p8
FreeBSD FreeBSD=4.10-releng
FreeBSD FreeBSD=4.11-release_p3
FreeBSD FreeBSD=4.11-releng
FreeBSD FreeBSD=4.11-stable
FreeBSD FreeBSD=5.0
FreeBSD FreeBSD=5.0-alpha
FreeBSD FreeBSD=5.0-release_p14
FreeBSD FreeBSD=5.0-releng
FreeBSD FreeBSD=5.1
FreeBSD FreeBSD=5.1-alpha
FreeBSD FreeBSD=5.1-release
FreeBSD FreeBSD=5.1-release_p5
FreeBSD FreeBSD=5.1-releng
FreeBSD FreeBSD=5.2
FreeBSD FreeBSD=5.2.1-release
FreeBSD FreeBSD=5.2.1-releng
FreeBSD FreeBSD=5.3
FreeBSD FreeBSD=5.3-release
FreeBSD FreeBSD=5.3-releng
FreeBSD FreeBSD=5.3-stable
FreeBSD FreeBSD=5.4-pre-release
FreeBSD FreeBSD=5.4-release
FreeBSD FreeBSD=5.4-releng
Gentoo Linux
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=4.0
Red Hat Enterprise Linux=4.0
Red Hat Enterprise Linux=4.0
redhat enterprise Linux desktop=3.0
redhat enterprise Linux desktop=4.0
Red Hat Linux Advanced Workstation=2.1
Red Hat Linux Advanced Workstation=2.1
Trustix Secure Linux=2.0
Trustix Secure Linux=2.1
Trustix Secure Linux=2.2
TurboLinux Appliance Server=1.0_hosting
TurboLinux Appliance Server=1.0_workgroup
TurboLinux Desktop=10.0
Turbolinux
Turbolinux Server=7.0
Turbolinux Server=8.0
Turbolinux Server=10.0
Turbolinux Workstation=7.0
Turbolinux Workstation=8.0
Ubuntu Linux=4.1
Ubuntu Linux=4.1
Ubuntu Linux=5.04
Ubuntu Linux=5.04
Ubuntu Linux=5.04

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2005-0988?

    CVE-2005-0988 is considered a moderate severity vulnerability due to its potential for local privilege escalation.

  • How do I fix CVE-2005-0988?

    To fix CVE-2005-0988, update the GNU gzip version to 1.3.4 or later, or apply available vendor patches.

  • Which versions of gzip are affected by CVE-2005-0988?

    CVE-2005-0988 affects gzip versions 1.2.4, 1.2.4a, and 1.3.3 and earlier.

  • What impact does CVE-2005-0988 have on system security?

    The impact of CVE-2005-0988 allows local users to alter permissions of arbitrary files, potentially compromising system integrity.

  • Is there a workaround for CVE-2005-0988?

    A temporary workaround for CVE-2005-0988 is to avoid using gzip for decompressing files in sensitive locations.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203