Lucene search

K
freebsdFreeBSD197F444F-E8EF-11D9-B875-0001020EED82
HistoryMar 30, 2005 - 12:00 a.m.

bzip2 -- denial of service and permission race vulnerabilities

2005-03-3000:00:00
vuxml.freebsd.org
17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

86.1%

Problem Description
Two problems have been discovered relating to the
extraction of bzip2-compressed files. First, a carefully
constructed invalid bzip2 archive can cause bzip2 to enter
an infinite loop. Second, when creating a new file, bzip2
closes the file before setting its permissions.
Impact
The first problem can cause bzip2 to extract a bzip2
archive to an infinitely large file. If bzip2 is used in
automated processing of untrusted files this could be
exploited by an attacker to create an denial-of-service
situation by exhausting disk space or by consuming all
available cpu time.
The second problem can allow a local attacker to change the
permissions of local files owned by the user executing bzip2
providing that they have write access to the directory in
which the file is being extracted.
Workaround
Do not uncompress bzip2 archives from untrusted sources and
do not uncompress files in directories where untrusted users
have write access.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 5.4UNKNOWN
FreeBSDanynoarchfreebsd< 5.4_3UNKNOWN
FreeBSDanynoarchbzip2< 1.0.3_1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

86.1%