Vulnerabilities > CVE-2002-0760 - Unspecified vulnerability in Bzip Bzip2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bzip

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Vulnerable Configurations

Part	Description	Count
Application	Bzip Bzip Bzip2 1.0 Bzip Bzip2 0.9.5D Bzip Bzip2 0.9.0A Bzip Bzip2 0.9.0 Bzip Bzip2 0.9.5A Bzip Bzip2 0.9.5B Bzip Bzip2 0.9.0C Bzip Bzip2 1.0.1 Bzip Bzip2 0.9.5C Bzip Bzip2 0.9.0B	10

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.securityfocus.com/bid/4775
http://www.iss.net/security_center/static/9127.php
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt