Vulnerability Description
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | 0.9.0 |
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/9128.php (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/4776 (Patch, Vendor Advisory)
FAQ
What is CVE-2002-0761?
CVE-2002-0761 is a vulnerability with a CVSS score of 2.1 (LOW). bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could c...
How severe is CVE-2002-0761?
CVE-2002-0761 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0761?
Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2.