Debian Security Advisory DSA 730-1 (bzip2) Network Vulnerability

Summary

The remote host is missing an update to bzip2 announced via advisory DSA 730-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20730-1

Insight

Imran Ghory discovered a race condition in bzip2, a high-quality block-sorting file compressor and decompressor. When decompressing a file in a directory an attacker has access to, bunzip2 could be tricked to set the file permissions to a different file the user has permissions to. For the stable distribution (woody) this problem has been fixed in version 1.0.2-1.woody2 For the testing distribution (sarge) this problem has been fixed in version 1.0.2-6. For the unstable distribution (sid) this problem has been fixed in version 1.0.2-6. We recommend that you upgrade your bzip2 packages.

Severity

Classification

CVE CVE-2005-0953
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1255-1 (libgtop2)
Debian Security Advisory DSA 2625-1 (wireshark - several vulnerabilities)
Debian Security Advisory DSA 256-1 (mhc)
Debian Security Advisory DSA 1128-1 (heartbeat)
Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)

Take action and discover your vulnerabilities