Vulnerability Description
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | 0.9.0 |
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.ascPatchVendor Advisory
- http://www.iss.net/security_center/static/9126.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4774PatchVendor Advisory
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.ascPatchVendor Advisory
- http://www.iss.net/security_center/static/9126.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4774PatchVendor Advisory
FAQ
What is CVE-2002-0759?
CVE-2002-0759 is a vulnerability with a CVSS score of 5.0 (MEDIUM). bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the us...
How severe is CVE-2002-0759?
CVE-2002-0759 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0759?
Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2.