Two problems related to extraction of files exist in gzip:
The first problem is that gzip does not properly sanitize filenames containing "/" when uncompressing files using the -N command line option.
The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed.
The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option.
The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished.
Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access.
Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.