Vulnerabilities > CVE-2002-0761 - Unspecified vulnerability in Bzip Bzip2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bzip

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Vulnerable Configurations

Part	Description	Count
Application	Bzip Bzip Bzip2 1.0 Bzip Bzip2 0.9.5D Bzip Bzip2 0.9.0A Bzip Bzip2 0.9.0 Bzip Bzip2 0.9.5A Bzip Bzip2 0.9.5B Bzip Bzip2 0.9.0C Bzip Bzip2 1.0.1 Bzip Bzip2 0.9.5C Bzip Bzip2 0.9.0B	10

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.iss.net/security_center/static/9128.php
http://www.securityfocus.com/bid/4776
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt