FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0953

This CVE name corresponds to:

Entered Topic
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0953 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0953
Phase Assigned(20050403)

Description

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

References

Source Reference
BUGTRAQ 20050330 bzip2 TOCTOU file-permissions vulnerability
BUGTRAQ 20070109 rPSA-2007-0004-1 bzip2
CONFIRM http://docs.info.apple.com/article.html?artnum=307041
APPLE APPLE-SA-2007-11-14
DEBIAN DSA-730
FEDORA FLSA:158801
MANDRIVA MDKSA-2006:026
NETBSD NetBSD-SA2008-004
OPENPKG OpenPKG-SA-2007.002
REDHAT RHSA-2005:474
SGI 20060301-01-U
SUNALERT 103118
SUNALERT 200191
CERT TA07-319A
BID 12954
BID 26444
OVAL oval:org.mitre.oval:def:10902
VUPEN ADV-2007-3525
VUPEN ADV-2007-3868
OVAL oval:org.mitre.oval:def:1154
SECUNIA 19183
SECUNIA 27274
SECUNIA 27643
SECUNIA 29940
XF bzip2-toctou-symlink(19926)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.