Ncompress · Ncompress · CVE-2005-2991
**Name of the Vulnerable Software and Affected Versions**
ncompress versions 4.2.4 and earlier
**Description**
The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp.
**Recommendations**
For versions 4.2.4 and earlier, consider restricting access to the zdiff and zcmp functions until a patch is available.
As a temporary workaround, avoid using the zdiff and zcmp functions to minimize the risk of exploitation.