Executive Summary
Summary | |
---|---|
Title | bzip2 vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-127-1 | First vendor Publication | 2005-05-17 |
Vendor | Ubuntu | Last vendor Modification | 2005-05-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: bzip2 libbz2-1.0 The problem can be corrected by upgrading the affected package to version 1.0.2-1ubuntu0.1 (for Ubuntu 4.10), or 1.0.2-2ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Imran Ghory discovered a race condition in the file permission restore code of bunzip2. While a user was decompressing a file, a local attacker with write permissions in the directory of that file could replace the target file with a hard link. This would cause bzip2 to restore the file permissions to the hard link target instead of to the bzip2 output file, which could be exploited to gain read or even write access to files of other users. (CAN-2005-0953) Specially crafted bzip2 archives caused an infinite loop in the decompressor which resulted in an indefinitively large output file ("decompression bomb"). This could be exploited to a Denial of Service attack due to disk space exhaustion on systems which automatically process user supplied bzip2 compressed files. (CAN-2005-1260) |
Original Source
Url : http://www.ubuntu.com/usn/USN-127-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10700 | |||
Oval ID: | oval:org.mitre.oval:def:10700 | ||
Title: | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | ||
Description: | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1260 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10902 | |||
Oval ID: | oval:org.mitre.oval:def:10902 | ||
Title: | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | ||
Description: | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0953 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1154 | |||
Oval ID: | oval:org.mitre.oval:def:1154 | ||
Title: | bzip2 Arbitrary File Permission Modification Vulnerability | ||
Description: | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0953 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | bzip2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:749 | |||
Oval ID: | oval:org.mitre.oval:def:749 | ||
Title: | bzip2 Decompression Bomb | ||
Description: | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1260 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | bzip2 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for bzip2 File : nvt/sles9p5010943.nasl |
2008-09-04 | Name : FreeBSD Ports: bzip2 File : nvt/freebsd_bzip2.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:14.bzip2.asc) File : nvt/freebsdsa_bzip2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 730-1 (bzip2) File : nvt/deb_730_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 741-1 (bzip2) File : nvt/deb_741_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16767 | bzip2 Malformed Archive Decompression DoS bzip2 contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of malformed bzip2 archives. It is possible for a remote attacker to send a malformed archive, which will cause the application to go into an infinite loop and consume a large amount of disk space and CPU resources, resulting in a loss of availability. |
15237 | bzip2 Race Condition Arbitrary File Permission Modification |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10057.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_11.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-474.nasl - Type : ACT_GATHER_INFO |
2006-02-01 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-026.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-127-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_197f444fe8ef11d9b8750001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-741.nasl - Type : ACT_GATHER_INFO |
2005-06-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-730.nasl - Type : ACT_GATHER_INFO |
2005-06-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-474.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-091.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:17 |
|
2013-05-11 12:25:01 |
|