| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Jan 2007 21:59:14 +0100
From: OpenPKG GmbH <openpkg-noreply@...npkg.com>
To: bugtraq@...urityfocus.com
Subject: [OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
____________________________________________________________________________
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2007.002
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.002
Advisory Published: 2007-01-05 21:58 UTC
Issue Id (internal): OpenPKG-SI-20070105.01
Issue First Created: 2007-01-05
Issue Last Modified: 2007-01-05
Issue Revision: 04
____________________________________________________________________________
Subject Name: bzip2
Subject Summary: Compression Tool
Subject Home: http://www.bzip.org/
Subject Versions: * <= 1.0.3
Vulnerability Id: CVE-2005-0953, CVE-2005-0758
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: local system
Attack Impact: manipulation of data, arbitrary code execution
Description:
Together with two portability and stability issues, two older
security issues were fixed in the compression tool BZip2 [0], versions
up to and including 1.0.3.
The first issue is a race condition which allows local users to
modify permissions of arbitrary files via a hard link attack on a
file while it is being decompressed, whose permissions are changed
by bzip2 after the decompression is complete.
The second issue affects the script bzgrep(1). It does not properly
sanitize arguments, which allows local users to execute arbitrary
commands via filenames that are injected into a sed(1) script.
References:
[0] http://www.bzip.org/
____________________________________________________________________________
Primary Package Name: bzip2
Primary Package Home: http://openpkg.org/go/package/bzip2
Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Enterprise E1.0-SOLID bzip2-1.0.3-E1.0.1
OpenPKG Enterprise E1.0-SOLID openpkg-E1.0.2-E1.0.2
OpenPKG Community 2-STABLE-20061018 bzip2-1.0.4-2.20070105
OpenPKG Community 2-STABLE-20061018 openpkg-2.20070105-2.20070105
OpenPKG Community 2-STABLE bzip2-1.0.4-2.20070105
OpenPKG Community 2-STABLE openpkg-2.20070105-2.20070105
OpenPKG Community CURRENT bzip2-1.0.4-20070105
OpenPKG Community CURRENT openpkg-20070105-20070105
____________________________________________________________________________
For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>
iD8DBQFFnrwRZwQuyWG3rjQRAgkdAJ9YBx7auj7ursOTj5M/78Kq3SlGlACfc0aV
2IRFnTk4CCJwa9FPgv1z7c0=
=Iq2w
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists