Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0761

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Published

2002-08-12T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bzip bzip2 0.9.0 Yes
Application bzip bzip2 0.9.0a Yes
Application bzip bzip2 0.9.0b Yes
Application bzip bzip2 0.9.0c Yes
Application bzip bzip2 0.9.5a Yes
Application bzip bzip2 0.9.5b Yes
Application bzip bzip2 0.9.5c Yes
Application bzip bzip2 0.9.5d Yes
Application bzip bzip2 1.0 Yes
Application bzip bzip2 1.0.1 Yes
References