CVE-2002-0760Permission Race Condition During Resource Copy in Bzip2

CWE-689Permission Race Condition During Resource Copy3 documents3 sources
Severity
1.2LOWNVD
EPSS
0.1%
top 69.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bzip Bzip2
Timeline
PublishedAug 12
Latest updateMay 3

Description

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages1 packages

NVDbzip/bzip210 versions+9

Patches

Patch: ftp.freebsd.orgPatch: www.iss.netPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-4rcq-48gc-62g8: Race condition in bzip2 before 12022-05-03

📐Framework References

1
CWE
Permission Race Condition During Resource Copy
CVE-2002-0760 — Bzip Bzip2 vulnerability | cvebase