FreeBSD : bzip2 -- denial of service and permission race vulnerabilities (197f444f-e8ef-11d9-b875-0001020eed82)

medium Nessus Plugin ID 18853
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Problem Description Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop.
Second, when creating a new file, bzip2 closes the file before setting its permissions. Impact The first problem can cause bzip2 to extract a bzip2 archive to an infinitely large file. If bzip2 is used in automated processing of untrusted files this could be exploited by an attacker to create an denial-of-service situation by exhausting disk space or by consuming all available cpu time.

The second problem can allow a local attacker to change the permissions of local files owned by the user executing bzip2 providing that they have write access to the directory in which the file is being extracted. Workaround Do not uncompress bzip2 archives from untrusted sources and do not uncompress files in directories where untrusted users have write access.

Solution

Update the affected package.

See Also

http://scary.beasts.org/security/CESA-2005-002.txt

http://www.nessus.org/u?40d21417

Plugin Details

Severity: Medium

ID: 18853

File Name: freebsd_pkg_197f444fe8ef11d9b8750001020eed82.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bzip2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 6/29/2005

Vulnerability Publication Date: 3/30/2005

Reference Information

CVE: CVE-2005-0953, CVE-2005-1260

FreeBSD: SA-05:14.bzip2