Lucene search
HistoryAug 12, 2002 - 4:00 a.m.
CVE-2002-0760
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
Affected configurations
Node
bzipbzip2Match0.9.0
ORbzipbzip2Match0.9.0a
ORbzipbzip2Match0.9.0b
ORbzipbzip2Match0.9.0c
ORbzipbzip2Match0.9.5a
ORbzipbzip2Match0.9.5b
ORbzipbzip2Match0.9.5c
ORbzipbzip2Match0.9.5d
ORbzipbzip2Match1.0
ORbzipbzip2Match1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bzip | bzip2 | 0.9.0 | cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0a | cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0b | cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.0c | cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5a | cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5b | cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5c | cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:* |
| bzip | bzip2 | 0.9.5d | cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:* |
| bzip | bzip2 | 1.0 | cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:* |
| bzip | bzip2 | 1.0.1 | cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:* |
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2002-0760