Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-0759
Last Modified: 05 Sep 2008 04:28:52
Published: 12 Aug 2002 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0759

Summary

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Vulnerable Systems

Application

  • Bzip2 0.9.0
  • Bzip2 0.9.0a
  • Bzip2 0.9.0b
  • Bzip2 0.9.0c
  • Bzip2 0.9.5a
  • Bzip2 0.9.5b
  • Bzip2 0.9.5c
  • Bzip2 0.9.5d
  • Bzip2 1.0
  • Bzip2 1.0.1

References

BID - 4774

XF - bzip2-decompression-file-overwrite(9126)

FREEBSD - FreeBSD-SA-02:25

CALDERA - CSSA-2002-039.0


Last Updated: 27 May 2016 10:37:04