Vulnerabilities > CVE-2002-0761 - Symbolic Link Permissions vulnerability in bzip2 Archive Inherited

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

bzip

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Vulnerable Configurations

Part	Description	Count
Application	Bzip Bzip Bzip2 0.9.0 Bzip Bzip2 0.9.0A Bzip Bzip2 0.9.0B Bzip Bzip2 0.9.0C Bzip Bzip2 0.9.5A Bzip Bzip2 0.9.5B Bzip Bzip2 0.9.5C Bzip Bzip2 0.9.5D Bzip Bzip2 1.0 Bzip Bzip2 1.0.1	10

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.iss.net/security_center/static/9128.php
http://www.securityfocus.com/bid/4776