bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
References
Link | Resource |
---|---|
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | Patch Vendor Advisory |
http://www.iss.net/security_center/static/9128.php | Patch Vendor Advisory |
http://www.securityfocus.com/bid/4776 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2002-08-12 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2002-0761
Mitre link : CVE-2002-0761
CVE.ORG link : CVE-2002-0761
JSON object : View
Products Affected
bzip
- bzip2
CWE