gzexe in the gzip package on Red Hat Linux 5.0 and previous versions allows local users to overwrite files of other users via a symlink attack on a temporary file.
Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367)
The gzexe script has a similar vulnerability which was patched in an
earlier release but inadvertently reverted
For the stable distribution (woody) both problems have been fixed i ...