Vulnerability Description
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | <= 1.0.4 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2011/Oct/804
- http://www.exploit-db.com/exploits/18147Exploit
- http://www.openwall.com/lists/oss-security/2011/10/28/16
- http://www.ubuntu.com/usn/USN-1308-1Patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862Patch
- http://seclists.org/fulldisclosure/2011/Oct/804
- http://www.exploit-db.com/exploits/18147Exploit
- http://www.openwall.com/lists/oss-security/2011/10/28/16
- http://www.ubuntu.com/usn/USN-1308-1Patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862Patch
FAQ
What is CVE-2011-4089?
CVE-2011-4089 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precr...
How severe is CVE-2011-4089?
CVE-2011-4089 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4089?
Check the references section above for vendor advisories and patch information. Affected products include: Bzip Bzip2.