Conectiva Local Security Checks : Conectiva Security Advisory CLA-2005:972 (bzip2)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.55065

Category: Conectiva Local Security Checks

Title: Conectiva Security Advisory CLA-2005:972 (bzip2)

Summary: Conectiva Security Advisory CLA-2005:972 (bzip2)

Description:
The remote host is missing updates announced in
advisory CLA-2005:972.

A race condition vulnerability in the file permission restore
code of bunzip2 was discovered by Imran Ghory. While a user was
decompressing a file, a local attacker with write permissions to
the directory containing the uncompressed file could replace the
target file with a hard link which would cause bunzip2 to restore
the file permissions of the original file to the hard link target.
This could be exploited to gain read or write access to files
of other users.

A vulnerability was found where specially crafted bzip2 archives
would cause an infinite loop in the decompressor, resulting in
an indefinitively large output file (also known as a 'decompression
bomb'). This could be exploited to cause a Denial of Service attack
on the host computer due to disk space exhaustion.

Solution:
Perform the necessary upgrades.

http://www.bzip.org
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000972

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0953
Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633&w=2
Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/456430/30/8730/threaded
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Debian Security Information: DSA-730 (Google Search)
http://www.debian.org/security/2005/dsa-730
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
NETBSD Security Advisory: NetBSD-SA2008-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
http://www.redhat.com/support/errata/RHSA-2005-474.html
SGI Security Advisory: 20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
Cert/CC Advisory: TA07-319A
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
BugTraq ID: 12954
http://www.securityfocus.com/bid/12954
BugTraq ID: 26444
http://www.securityfocus.com/bid/26444
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10902
http://www.vupen.com/english/advisories/2007/3525
http://www.vupen.com/english/advisories/2007/3868
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1154
http://secunia.com/advisories/19183
http://secunia.com/advisories/27274
http://secunia.com/advisories/27643
http://secunia.com/advisories/29940
XForce ISS Database: bzip2-toctou-symlink(19926)
http://xforce.iss.net/xforce/xfdb/19926
Common Vulnerability Exposure (CVE) ID: CVE-2005-1260
Debian Security Information: DSA-741 (Google Search)
http://www.debian.org/security/2005/dsa-741
http://www.ubuntulinux.org/support/documentation/usn/usn-127-1
BugTraq ID: 13657
http://www.securityfocus.com/bid/13657
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10700
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:749
http://secunia.com/advisories/15447

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.55065
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2005:972 (bzip2)
Summary:	Conectiva Security Advisory CLA-2005:972 (bzip2)
Description:	The remote host is missing updates announced in advisory CLA-2005:972. A race condition vulnerability in the file permission restore code of bunzip2 was discovered by Imran Ghory. While a user was decompressing a file, a local attacker with write permissions to the directory containing the uncompressed file could replace the target file with a hard link which would cause bunzip2 to restore the file permissions of the original file to the hard link target. This could be exploited to gain read or write access to files of other users. A vulnerability was found where specially crafted bzip2 archives would cause an infinite loop in the decompressor, resulting in an indefinitively large output file (also known as a 'decompression bomb'). This could be exploited to cause a Denial of Service attack on the host computer due to disk space exhaustion. Solution: Perform the necessary upgrades. http://www.bzip.org http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000972 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0953 Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633&w=2 Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/archive/1/456430/30/8730/threaded http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html Debian Security Information: DSA-730 (Google Search) http://www.debian.org/security/2005/dsa-730 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html http://www.redhat.com/support/errata/RHSA-2005-474.html SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html BugTraq ID: 12954 http://www.securityfocus.com/bid/12954 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10902 http://www.vupen.com/english/advisories/2007/3525 http://www.vupen.com/english/advisories/2007/3868 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1154 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 XForce ISS Database: bzip2-toctou-symlink(19926) http://xforce.iss.net/xforce/xfdb/19926 Common Vulnerability Exposure (CVE) ID: CVE-2005-1260 Debian Security Information: DSA-741 (Google Search) http://www.debian.org/security/2005/dsa-741 http://www.ubuntulinux.org/support/documentation/usn/usn-127-1 BugTraq ID: 13657 http://www.securityfocus.com/bid/13657 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10700 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:749 http://secunia.com/advisories/15447
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com