Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0760

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Published

2002-08-12T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 1.2 (LOW)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

1.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bzip bzip2 0.9.0 Yes
Application bzip bzip2 0.9.0a Yes
Application bzip bzip2 0.9.0b Yes
Application bzip bzip2 0.9.0c Yes
Application bzip bzip2 0.9.5a Yes
Application bzip bzip2 0.9.5b Yes
Application bzip bzip2 0.9.5c Yes
Application bzip bzip2 0.9.5d Yes
Application bzip bzip2 1.0 Yes
Application bzip bzip2 1.0.1 Yes
References