CVE-2002-0761

2003-04-0205:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc

www.iss.net/security_center/static/9128.php

www.securityfocus.com/bid/4776