CVE-2002-0760 - OpenCVE

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:H/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bzip	Bzip2

Configuration 1 [-]

OR	cpe:2.3:a:bzip:bzip2:0.9.0:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5d:::::::*
	cpe:2.3:a:bzip:bzip2:1.0:::::::*
	cpe:2.3:a:bzip:bzip2:1.0.1:::::::*

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc	Patch Vendor Advisory
http://www.iss.net/security_center/static/9127.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/4775	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2003-03-24T00:00:00

Reserved: 2002-07-25T00:00:00

Link: CVE-2002-0760

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2008-09-05T20:28:52.757

Link: CVE-2002-0760

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "bzip2-decompression-race-condition(9127)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9127.php"}, {"name": "CSSA-2002-039.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "4775", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4775"}, {"name": "FreeBSD-SA-02:25", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0760", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "bzip2-decompression-race-condition(9127)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9127.php"}, {"name": "CSSA-2002-039.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "4775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4775"}, {"name": "FreeBSD-SA-02:25", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0760", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2003-03-24T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "325C63C7-740D-42E1-B8B1-51125DE57F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", "matchCriteriaId": "550690C7-32D0-4126-B272-D2254A2EF434", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", "matchCriteriaId": "DFE746CF-6890-4259-A9DB-5F77B592D1E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", "matchCriteriaId": "6C95FE39-842A-45D1-A858-D438C0C15B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", "matchCriteriaId": "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55F00B1-D48B-40A6-872F-959598D7E6E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed."}, {"lang": "es", "value": "Condici\u00f3n de Carrera (Race condition) en bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, descomprime ficheros con permiso de lectura a todo el mundo antes de establecer los permisos especificados en el archivo bzip2, lo cual podr\u00eda permitir a usuarios locales la lectura de ficheros seg\u00fan estan siendo descomprimidos."}], "id": "CVE-2002-0760", "lastModified": "2008-09-05T20:28:52.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9127.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4775"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}