CVE-2005-1260 — MEDIUM (5.0)

Q: What is CVE-2005-1260?

CVE-2005-1260 is a vulnerability with a CVSS score of 5.0 (MEDIUM). bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Q: How severe is CVE-2005-1260?

CVE-2005-1260 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-1260?

Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2, Canonical Ubuntu Linux, Debian Debian Linux, Apple Mac Os X.

Vulnerability Description

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Bzip	Bzip2	< 1.0.3
Canonical	Ubuntu Linux	4.10
Debian	Debian Linux	3.0
Apple	Mac Os X	< 10.4.11

Related Weaknesses (CWE)

CWE-400

References

ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.ascBroken Link
http://docs.info.apple.com/article.html?artnum=307041Broken Link
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/15447Third Party Advisory
http://secunia.com/advisories/19183Third Party Advisory
http://secunia.com/advisories/27274Third Party Advisory
http://secunia.com/advisories/27643Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1Broken Link
http://www.debian.org/security/2005/dsa-741Third Party Advisory
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bziPermissions Required
http://www.redhat.com/support/errata/RHSA-2005-474.htmlThird Party Advisory
http://www.securityfocus.com/bid/13657Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/26444Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2005-1260?

CVE-2005-1260 is a vulnerability with a CVSS score of 5.0 (MEDIUM). bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

How severe is CVE-2005-1260?

CVE-2005-1260 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1260?

Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2, Canonical Ubuntu Linux, Debian Debian Linux, Apple Mac Os X.