mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-10-09T04:00:00

Updated: 2024-08-08T02:05:12.652Z

Reserved: 2003-10-08T00:00:00

Link: CVE-2003-0844

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2003-11-17T05:00:00.000

Modified: 2024-11-20T23:45:39.323

Link: CVE-2003-0844

cve-icon Redhat

No data.