FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1260

This CVE name corresponds to:

Entered Topic
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-1260
Phase Assigned(20050425)

Description

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

References

Source Reference
CONFIRM http://docs.info.apple.com/article.html?artnum=307041
APPLE APPLE-SA-2007-11-14
DEBIAN DSA-741
FEDORA FLSA:158801
REDHAT RHSA-2005:474
SGI 20060301-01-U
SUNALERT 103118
SUNALERT 200191
UBUNTU USN-127-1
CERT TA07-319A
BID 13657
BID 26444
OVAL oval:org.mitre.oval:def:10700
VUPEN ADV-2007-3525
VUPEN ADV-2007-3868
OVAL oval:org.mitre.oval:def:749
SECUNIA 19183
SECUNIA 15447
SECUNIA 27274
SECUNIA 27643