bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
References
| Link | Resource |
|---|---|
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | Patch Vendor Advisory |
| http://www.iss.net/security_center/static/9128.php | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/4776 | Patch Vendor Advisory |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc | Patch Vendor Advisory |
| http://www.iss.net/security_center/static/9128.php | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/4776 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt - | |
| References | () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc - Patch, Vendor Advisory | |
| References | () http://www.iss.net/security_center/static/9128.php - Patch, Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/4776 - Patch, Vendor Advisory |
Information
Published : 2002-08-12 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0761
Mitre link : CVE-2002-0761
CVE.ORG link : CVE-2002-0761
JSON object : View
Products Affected
bzip
- bzip2
CWE