Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2011-4089
Last Modified: 17 Apr 2014 10:15:21
Published: 16 Apr 2014 02:37:11
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-4089

Summary

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Vulnerable Systems

Application

  • Bzip2 1.0
  • Bzip2 1.0.1
  • Bzip2 1.0.2
  • Bzip2 1.0.3
  • Bzip2 1.0.4


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862

UBUNTU - USN-1308-1

MLIST - [oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure temporary file

EXPLOIT-DB - 18147

FULLDISC - 20111025 Re: Symlink vulnerabilities


Last Updated: 27 May 2016 11:05:00