Vulnerabilities > CVE-2002-0760 - Unspecified vulnerability in Bzip Bzip2

CVSS 1.2 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

high complexity

bzip

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Vulnerable Configurations

Part	Description	Count
Application	Bzip Bzip Bzip2 0.9.0 Bzip Bzip2 0.9.0A Bzip Bzip2 0.9.0B Bzip Bzip2 0.9.0C Bzip Bzip2 0.9.5A Bzip Bzip2 0.9.5B Bzip Bzip2 0.9.5C Bzip Bzip2 0.9.5D Bzip Bzip2 1.0 Bzip Bzip2 1.0.1	10

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.iss.net/security_center/static/9127.php
http://www.securityfocus.com/bid/4775