Vulnerability Description
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, contains a race condition: it decompresses files with world-readable permissions before setting the permissions to those specified in the bzip2 archive, which could allow local users to read the files while they are being decompressed.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | 0.9.0 |
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/9127.php (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/4775 (Patch, Vendor Advisory)
FAQ
What is CVE-2002-0760?
CVE-2002-0760 is a vulnerability with a CVSS score of 1.2 (LOW). Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the pe...
How severe is CVE-2002-0760?
CVE-2002-0760 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0760?
Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2.