CVE - CVE-2005-0953

CVE-ID
CVE-2005-0953	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20050330 bzip2 TOCTOU file-permissions vulnerability URL:http://marc.info/?l=bugtraq&m=111229375217633&w=2 BUGTRAQ:20070109 rPSA-2007-0004-1 bzip2 URL:http://www.securityfocus.com/archive/1/456430/30/8730/threaded CONFIRM:http://docs.info.apple.com/article.html?artnum=307041 APPLE:APPLE-SA-2007-11-14 URL:http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html DEBIAN:DSA-730 URL:http://www.debian.org/security/2005/dsa-730 FEDORA:FLSA:158801 URL:http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html MANDRIVA:MDKSA-2006:026 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 NETBSD:NetBSD-SA2008-004 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc OPENPKG:OpenPKG-SA-2007.002 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html REDHAT:RHSA-2005:474 URL:http://www.redhat.com/support/errata/RHSA-2005-474.html SGI:20060301-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc SUNALERT:103118 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 SUNALERT:200191 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 CERT:TA07-319A URL:http://www.us-cert.gov/cas/techalerts/TA07-319A.html BID:12954 URL:http://www.securityfocus.com/bid/12954 BID:26444 URL:http://www.securityfocus.com/bid/26444 OVAL:oval:org.mitre.oval:def:10902 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902 VUPEN:ADV-2007-3525 URL:http://www.vupen.com/english/advisories/2007/3525 VUPEN:ADV-2007-3868 URL:http://www.vupen.com/english/advisories/2007/3868 OVAL:oval:org.mitre.oval:def:1154 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154 SECUNIA:19183 URL:http://secunia.com/advisories/19183 SECUNIA:27274 URL:http://secunia.com/advisories/27274 SECUNIA:27643 URL:http://secunia.com/advisories/27643 SECUNIA:29940 URL:http://secunia.com/advisories/29940 XF:bzip2-toctou-symlink(19926) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Assigning CNA
N/A
Date Entry Created
20050403	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050403)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org