Back to search
CVE-2005-0953
Published: Apr 3, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:1154
vdb-entry
signature
x_refsource_OVAL
FLSA:158801
vendor-advisory
x_refsource_FEDORA
26444
vdb-entry
x_refsource_BID
bzip2-toctou-symlink(19926)
vdb-entry
x_refsource_XF
DSA-730
vendor-advisory
x_refsource_DEBIAN
OpenPKG-SA-2007.002
vendor-advisory
x_refsource_OPENPKG
oval:org.mitre.oval:def:10902
vdb-entry
signature
x_refsource_OVAL
27274
third-party-advisory
x_refsource_SECUNIA
20070109 rPSA-2007-0004-1 bzip2
mailing-list
x_refsource_BUGTRAQ
200191
vendor-advisory
x_refsource_SUNALERT
APPLE-SA-2007-11-14
vendor-advisory
x_refsource_APPLE
http://docs.info.apple.com/article.html?artnum=307041
x_refsource_CONFIRM
ADV-2007-3525
vdb-entry
x_refsource_VUPEN
ADV-2007-3868
vdb-entry
x_refsource_VUPEN
29940
third-party-advisory
x_refsource_SECUNIA
27643
third-party-advisory
x_refsource_SECUNIA
12954
vdb-entry
x_refsource_BID
19183
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:026
vendor-advisory
x_refsource_MANDRIVA
RHSA-2005:474
vendor-advisory
x_refsource_REDHAT
TA07-319A
third-party-advisory
x_refsource_CERT
20050330 bzip2 TOCTOU file-permissions vulnerability
mailing-list
x_refsource_BUGTRAQ
103118
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now