CVE-2005-0953

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0953

bzip2

vulnerability

file permissions

hard link attack

decompression

nvd

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

Affected configurations

NVD

Node

bzipbzip2Match0.9

bzipbzip2Match0.9.5_a

bzipbzip2Match0.9.5_b

bzipbzip2Match0.9.5_c

bzipbzip2Match0.9.5_d

bzipbzip2Match0.9_a

bzipbzip2Match0.9_b

bzipbzip2Match0.9_c

bzipbzip2Match1.0

bzipbzip2Match1.0.1

bzipbzip2Match1.0.2

VendorProductVersionCPE
bzipbzip20.9+ccpe:/a:bzip:bzip2:0.9+c:::
bzipbzip21.0.1cpe:/a:bzip:bzip2:1.0.1:::
bzipbzip21.0.2cpe:/a:bzip:bzip2:1.0.2:::
bzipbzip20.9.5+ccpe:/a:bzip:bzip2:0.9.5+c:::
bzipbzip20.9.5+dcpe:/a:bzip:bzip2:0.9.5+d:::
bzipbzip20.9.5+bcpe:/a:bzip:bzip2:0.9.5+b:::
bzipbzip20.9cpe:/a:bzip:bzip2:0.9:::
bzipbzip20.9+acpe:/a:bzip:bzip2:0.9+a:::
bzipbzip21.0cpe:/a:bzip:bzip2:1.0:::
bzipbzip20.9+bcpe:/a:bzip:bzip2:0.9+b:::

Vendor	Product	Version	CPE
bzip	bzip2	0.9+c	cpe:/a:bzip:bzip2:0.9+c:::
bzip	bzip2	1.0.1	cpe:/a:bzip:bzip2:1.0.1:::
bzip	bzip2	1.0.2	cpe:/a:bzip:bzip2:1.0.2:::
bzip	bzip2	0.9.5+c	cpe:/a:bzip:bzip2:0.9.5+c:::
bzip	bzip2	0.9.5+d	cpe:/a:bzip:bzip2:0.9.5+d:::
bzip	bzip2	0.9.5+b	cpe:/a:bzip:bzip2:0.9.5+b:::
bzip	bzip2	0.9	cpe:/a:bzip:bzip2:0.9:::
bzip	bzip2	0.9+a	cpe:/a:bzip:bzip2:0.9+a:::
bzip	bzip2	1.0	cpe:/a:bzip:bzip2:1.0:::
bzip	bzip2	0.9+b	cpe:/a:bzip:bzip2:0.9+b:::