CVE-2005-0953

low

Description

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc

ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc

http://docs.info.apple.com/article.html?artnum=307041

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

http://marc.info/?l=bugtraq&m=111229375217633&w=2

http://secunia.com/advisories/19183

http://secunia.com/advisories/27274

http://secunia.com/advisories/27643

http://secunia.com/advisories/29940

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1

http://www.debian.org/security/2005/dsa-730

http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:026

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html

http://www.redhat.com/support/errata/RHSA-2005-474.html

http://www.securityfocus.com/archive/1/456430/30/8730/threaded

http://www.securityfocus.com/bid/12954

http://www.securityfocus.com/bid/26444

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

http://www.vupen.com/english/advisories/2007/3525

http://www.vupen.com/english/advisories/2007/3868

https://exchange.xforce.ibmcloud.com/vulnerabilities/19926

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154

Details

Source: MITRE

Published: 2005-05-02

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 3.7

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 1.9

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 4284 | Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008) | Nessus Network Monitor | Operating System Detection | critical |
| 28212 | Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008) | Nessus | MacOS X Local Security Checks | critical |
| 21829 | CentOS 3 / 4 : bzip2 (CESA-2005:474) | Nessus | CentOS Local Security Checks | medium |
| 20831 | Mandrake Linux Security Advisory : bzip2 (MDKSA-2006:026) | Nessus | Mandriva Local Security Checks | medium |
| 20517 | Ubuntu 4.10 / 5.04 : bzip2 vulnerabilities (USN-127-1) | Nessus | Ubuntu Local Security Checks | medium |
| 18853 | FreeBSD : bzip2 -- denial of service and permission race vulnerabilities (197f444f-e8ef-11d9-b875-0001020eed82) | Nessus | FreeBSD Local Security Checks | medium |
| 18517 | Debian DSA-730-1 : bzip2 - race condition | Nessus | Debian Local Security Checks | low |
| 18510 | RHEL 2.1 / 3 / 4 : bzip2 (RHSA-2005:474) | Nessus | Red Hat Local Security Checks | medium |
| 18307 | Mandrake Linux Security Advisory : bzip2 (MDKSA-2005:091) | Nessus | Mandriva Local Security Checks | medium |