Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0296

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2013-0296
Last Modified 28 Apr 2014 03:28:07
Published 27 Apr 2014 05:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0296

Summary

Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

Vulnerable Systems

Application

  • Zlib Pigz 2.2.4-1


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608

MLIST - [oss-security] 20130215 Re: CVE# request: pigz creates temp file with insecure permissions

MLIST - [oss-security] 20130215 CVE# request: pigz creates temp file with insecure permissions

MLIST - [pigz-announce] 20120728 pigz version 2.2.5 released

SUSE - openSUSE-SU-2013:0540


Last Updated: 27 May 2016 11:05:06