Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.7
CVE Id CVE-2005-0953
Last Modified 07 Mar 2011 09:20:52
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-0953

Summary

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

Vulnerable Systems

Application

  • Bzip2 0.9

  • Bzip2 0.9 A

  • Bzip2 0.9 B

  • Bzip2 0.9 C

  • Bzip2 0.9.5 A

  • Bzip2 0.9.5 B

  • Bzip2 0.9.5 C

  • Bzip2 0.9.5 D

  • Bzip2 1.0

  • Bzip2 1.0.1

  • Bzip2 1.0.2


References

CERT - TA07-319A

DEBIAN - DSA-730

XF - bzip2-toctou-symlink(19926)

VUPEN - ADV-2007-3868

VUPEN - ADV-2007-3525

BID - 12954

BUGTRAQ - 20070109 rPSA-2007-0004-1 bzip2

BUGTRAQ - 20050330 bzip2 TOCTOU file-permissions vulnerability

BID - 26444

REDHAT - RHSA-2005:474

OPENPKG - OpenPKG-SA-2007.002

MANDRIVA - MDKSA-2006:026

FEDORA - FLSA:158801

SUNALERT - 200191

SUNALERT - 103118

SECUNIA - 29940

SECUNIA - 27643

SECUNIA - 27274

SECUNIA - 19183

APPLE - APPLE-SA-2007-11-14

CONFIRM - http://docs.info.apple.com/article.html?artnum=307041

SGI - 20060301-01-U

NETBSD - NetBSD-SA2008-004

Related Patches

Apple 2007-11-14 Mac OS X 10.4.11 Update (PPC)

Apple 2007-11-14 Mac OS X 10.4.11 Combo Update (PPC)

Apple 2007-11-14 Mac OS X Server 10.4.11 Combo Update (PPC)

Apple 2007-11-14 Mac OS X Server 10.4.11 Update (PPC)


Last Updated: 27 May 2016 10:39:58