Описание
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00115
Низкий
1.2 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
EPSS
Процентиль: 31%
0.00115
Низкий
1.2 Low
CVSS2
Дефекты
NVD-CWE-Other