CVE-2002-0761 - OpenCVE

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bzip	Bzip2

Configuration 1 [-]

OR	cpe:2.3:a:bzip:bzip2:0.9.0:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5d:::::::*
	cpe:2.3:a:bzip:bzip2:1.0:::::::*
	cpe:2.3:a:bzip:bzip2:1.0.1:::::::*

No data.

References

Link	Providers
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.iss.net/security_center/static/9128.php
http://www.securityfocus.com/bid/4776

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2024-08-08T03:03:49.251Z

Reserved: 2002-07-25T00:00:00

Link: CVE-2002-0761

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2008-09-05T20:28:52.927

Link: CVE-2002-0761

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "bzip2-compression-symlink(9128)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9128.php"}, {"name": "CSSA-2002-039.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "4776", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4776"}, {"name": "FreeBSD-SA-02:25", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0761", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "bzip2-compression-symlink(9128)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9128.php"}, {"name": "CSSA-2002-039.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "4776", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4776"}, {"name": "FreeBSD-SA-02:25", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:03:49.251Z"}, "title": "CVE Program Container", "references": [{"name": "bzip2-compression-symlink(9128)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/9128.php"}, {"name": "CSSA-2002-039.0", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "4776", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4776"}, {"name": "FreeBSD-SA-02:25", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0761", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:49.251Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "325C63C7-740D-42E1-B8B1-51125DE57F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", "matchCriteriaId": "550690C7-32D0-4126-B272-D2254A2EF434", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", "matchCriteriaId": "DFE746CF-6890-4259-A9DB-5F77B592D1E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", "matchCriteriaId": "6C95FE39-842A-45D1-A858-D438C0C15B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", "matchCriteriaId": "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55F00B1-D48B-40A6-872F-959598D7E6E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."}, {"lang": "es", "value": "bzip2 anterioes a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, utilizan los permisos de enlaces simb\u00f3licos (symbolic links) en lugar de los del archivo actual cuando crea un nuevo fichero, lo cual podr\u00eda causar que el fichero fuese extraido con unos permisos menos restrictivos de lo que se pretend\u00eda."}], "id": "CVE-2002-0761", "lastModified": "2008-09-05T20:28:52.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9128.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4776"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}