Lucene search
MitreCVE-2002-0760HistoryApr 02, 2003 - 5:00 a.m.
CVE-2002-0760
2003-04-0205:00:00
mitre
web.nvd.nist.gov
25
cve-2002-0760
bzip2
race condition
file permissions
decompression
security vulnerability
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
5.1%
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
Affected configurations
Node
bzipbzip2Match0.9.0
ORbzipbzip2Match0.9.0a
ORbzipbzip2Match0.9.0b
ORbzipbzip2Match0.9.0c
ORbzipbzip2Match0.9.5a
ORbzipbzip2Match0.9.5b
ORbzipbzip2Match0.9.5c
ORbzipbzip2Match0.9.5d
ORbzipbzip2Match1.0
ORbzipbzip2Match1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bzip | bzip2 | 0.9.0 | cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0a | cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0b | cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0c | cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5a | cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5b | cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5c | cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5d | cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:* |
| bzip | bzip2 | 1.0 | cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:* |
| bzip | bzip2 | 1.0.1 | cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:* |
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2002-0760