GNU GZip CHMod File Permission Modification Race Condition Weakness

GNU GZip CHMod File Permission Modification Race Condition Weakness

The gzip utility is reported prone to a security weakness; the issue occurs only when an archive is extracted into a world- or group-writeable directory. Reportedly, gzip employs non-atomic procedures to write a file and later change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target files.

This weakness is reported to affect gzip 1.2.4, 1.3.3, and previous versions.