Back to search
CVE-2011-4089
Published: Apr 16, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20111025 Re: Symlink vulnerabilities
mailing-list
x_refsource_FULLDISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862
x_refsource_CONFIRM
USN-1308-1
vendor-advisory
x_refsource_UBUNTU
18147
exploit
x_refsource_EXPLOIT-DB
[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure temporary file
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now