CVE-2005-0953
published 2005-05-02CVE-2005-0953: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being…
PriorityP411low3.7CVSS 2.0
AVLACHAuNCPIPAP
EPSS
0.40%
31.9th percentile
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | — | — |
| bzip | bzip2 | >= 0 < 1.0.2-6 | 1.0.2-6 |
| bzip | bzip2 | >= 0 < 1.0.2-6 | 1.0.2-6 |
| bzip | bzip2 | >= 0 < 1.0.2-6 | 1.0.2-6 |
| bzip | bzip2 | >= 0 < 1.0.2-6 | 1.0.2-6 |
| debian | bzip2 | < bzip2 1.0.2-6 (bookworm) | bzip2 1.0.2-6 (bookworm) |
CVSS provenance
nvdv2.03.7LOWAV:L/AC:H/Au:N/C:P/I:P/A:P
osv3.7LOW
vendor_debian3.7LOW
vendor_redhat3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9fjc-6jmw-8r3m: Race condition in bzip2 1
ghsa_unreviewed·2022-05-03
CVE-2005-0953 [LOW] GHSA-9fjc-6jmw-8r3m: Race condition in bzip2 1
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
OSV
CVE-2005-0953: Race condition in bzip2 1
osv·2005-05-02·CVSS 3.7
CVE-2005-0953 [LOW] CVE-2005-0953: Race condition in bzip2 1
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
BSD
FreeBSD-SA-05:14.bzip2: bzip2 denial of service and permission race vulnerabilities
bsd_advisories·2005-06-29
FreeBSD-SA-05:14.bzip2: bzip2 denial of service and permission race vulnerabilities
FreeBSD-SA-05:14.bzip2 Security Advisory
The FreeBSD Project
Topic: bzip2 denial of service and permission race vulnerabilities
Category: contrib
Module: contrib_bzip2
Announced: 2005-06-29
Credits: Imran Ghory, Chris Evans
Affects: All FreeBSD releases
Corrected: 2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE)
2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3)
2005-06-29 21:42:33 UTC (RELENG_5_3, 5.3-RELEASE-p17)
2005-06-29 21:43:42 UTC (RELENG_4, 4.11-STABLE)
2005-06-29 21:45:14 UTC (RELENG_4_11, 4.11-RELEASE-p11)
2005-06-29 21:46:15 UTC (RELENG_4_10, 4.10-RELEASE-p16)
CVE Name: CAN-2005-0953, CAN-2005-1260
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
.
I. Backgr
Ubuntu
bzip2 vulnerabilities
vendor_ubuntu·2005-05-17
CVE-2005-1260 bzip2 vulnerabilities
Title: bzip2 vulnerabilities
Summary: bzip2 vulnerabilities
Imran Ghory discovered a race condition in the file permission restore
code of bunzip2. While a user was decompressing a file, a local
attacker with write permissions in the directory of that file could
replace the target file with a hard link. This would cause bzip2 to
restore the file permissions to the hard link target instead of to the
bzip2 output file, which could be exploited to gain read or even write
access to files of other users. (CAN-2005-0953)
Specially crafted bzip2 archives caused an infinite loop in the
decompressor which resulted in an indefinitively large output file
("decompression bomb"). This could be exploited to a Denial of Service
attack due to disk space exhaustion on systems which automatically
process
Red Hat
security flaw
vendor_redhat·2005-03-30·CVSS 3.7
CVE-2005-0953 [LOW] security flaw
security flaw
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-0953: bzip2 - Race condition in bzip2 1.0.2 and earlier allows local users to modify permissio...
vendor_debian·2005·CVSS 3.7
CVE-2005-0953 [LOW] CVE-2005-0953: bzip2 - Race condition in bzip2 1.0.2 and earlier allows local users to modify permissio...
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Scope: local
bookworm: resolved (fixed in 1.0.2-6)
bullseye: resolved (fixed in 1.0.2-6)
forky: resolved (fixed in 1.0.2-6)
sid: resolved (fixed in 1.0.2-6)
trixie: resolved (fixed in 1.0.2-6)
No detection rules found.
No public exploits indexed.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.ascftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.aschttp://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://marc.info/?l=bugtraq&m=111229375217633&w=2http://secunia.com/advisories/19183http://secunia.com/advisories/27274http://secunia.com/advisories/27643http://secunia.com/advisories/29940http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1http://www.debian.org/security/2005/dsa-730http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:026http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.htmlhttp://www.redhat.com/support/errata/RHSA-2005-474.htmlhttp://www.securityfocus.com/archive/1/456430/30/8730/threadedhttp://www.securityfocus.com/bid/12954http://www.securityfocus.com/bid/26444http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlhttp://www.vupen.com/english/advisories/2007/3525http://www.vupen.com/english/advisories/2007/3868https://exchange.xforce.ibmcloud.com/vulnerabilities/19926https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.ascftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.aschttp://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://marc.info/?l=bugtraq&m=111229375217633&w=2http://secunia.com/advisories/19183http://secunia.com/advisories/27274http://secunia.com/advisories/27643http://secunia.com/advisories/29940http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1http://www.debian.org/security/2005/dsa-730http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:026http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.htmlhttp://www.redhat.com/support/errata/RHSA-2005-474.htmlhttp://www.securityfocus.com/archive/1/456430/30/8730/threadedhttp://www.securityfocus.com/bid/12954http://www.securityfocus.com/bid/26444http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlhttp://www.vupen.com/english/advisories/2007/3525http://www.vupen.com/english/advisories/2007/3868https://exchange.xforce.ibmcloud.com/vulnerabilities/19926https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
2005-05-02
Published