Vulnerability Details CVE-2002-0761
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.3%
CVSS Severity
CVSS v2 Score 2.1
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
- http://www.iss.net/security_center/static/9128.php
- http://www.securityfocus.com/bid/4776
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
- http://www.iss.net/security_center/static/9128.php
- http://www.securityfocus.com/bid/4776
Products affected by CVE-2002-0761
-
cpe:2.3:a:bzip:bzip2:0.9.0
-
cpe:2.3:a:bzip:bzip2:0.9.0a
-
cpe:2.3:a:bzip:bzip2:0.9.0b
-
cpe:2.3:a:bzip:bzip2:0.9.0c
-
cpe:2.3:a:bzip:bzip2:0.9.5a
-
cpe:2.3:a:bzip:bzip2:0.9.5b
-
cpe:2.3:a:bzip:bzip2:0.9.5c
-
cpe:2.3:a:bzip:bzip2:0.9.5d
-
cpe:2.3:a:bzip:bzip2:1.0
-
cpe:2.3:a:bzip:bzip2:1.0.1