FreeBSD : bzip2 -- denial of service and permission race vulnerabilities (197f444f-e8ef-11d9-b875-0001020eed82)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem Description:

Two problems have been discovered relating to the extraction of
bzip2-compressed files. First, a carefully constructed invalid bzip2
archive can cause bzip2 to enter an infinite loop. Second, when
creating a new file, bzip2 closes the file before setting its
permissions.

Impact:

The first problem can cause bzip2 to extract a bzip2 archive to an
infinitely large file. If bzip2 is used in automated processing of
untrusted files, this could be exploited by an attacker to create a
denial-of-service situation by exhausting disk space or by consuming
all available CPU time.

The second problem can allow a local attacker to change the
permissions of local files owned by the user executing bzip2, provided
that they have write access to the directory in which the file is
being extracted.

Workaround:

Do not uncompress bzip2 archives from untrusted sources and do not
uncompress files in directories where untrusted users have write
access.
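
The second problem is an ordering issue between closing the output file and setting its mode. The following is an added example, not bzip2 source code and not part of the original advisory: it places the close-then-set-by-name pattern beside a descriptor-based form; all function names and the file name are hypothetical.

```c
/* Added example, not bzip2 source. All helper names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the output privately (0600) and fail if the name already exists,
   so nothing already present at that name is reused. */
int create_output(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Pattern the advisory describes: close first, then set the mode by name.
   chmod() resolves the name again after the descriptor is gone. */
int finish_by_path(int fd, const char *path, mode_t mode) {
    if (close(fd) != 0) return -1;
    return chmod(path, mode);
}

/* Hardened form: set the mode on the open descriptor, then close.
   fchmod() acts on the file that was written, whatever the name refers to. */
int finish_by_fd(int fd, mode_t mode) {
    if (fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Permission bits of a path (symlinks not followed), or -1 on error. */
int mode_of(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

int main(void) {
    const char *out = "example.out";   /* constructed file name */
    int fd = create_output(out);
    if (fd < 0 || write(fd, "data\n", 5) != 5 || finish_by_fd(fd, 0644) != 0) {
        perror(out);
        return 1;
    }
    printf("%s mode %o\n", out, (unsigned)mode_of(out));
    return unlink(out) != 0;
}
```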

See also :

http://scary.beasts.org/security/CESA-2005-002.txt
http://www.nessus.org/u?c29de1a3

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18853 (freebsd_pkg_197f444fe8ef11d9b8750001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0953
CVE-2005-1260
