CVE-2005-0953

N/A Unknown
Published: May 02, 2005 Modified: April 16, 2026
View on NVD

Description

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
Source: cve@mitre.org
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
Source: cve@mitre.org
http://docs.info.apple.com/article.html?artnum=307041
Source: cve@mitre.org
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Source: cve@mitre.org
http://marc.info/?l=bugtraq&m=111229375217633&w=2
Source: cve@mitre.org
http://secunia.com/advisories/19183
Source: cve@mitre.org
http://secunia.com/advisories/27274
Source: cve@mitre.org
http://secunia.com/advisories/27643
Source: cve@mitre.org
http://secunia.com/advisories/29940
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
Source: cve@mitre.org
http://www.debian.org/security/2005/dsa-730
Source: cve@mitre.org
Patch Vendor Advisory
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
Source: cve@mitre.org
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2005-474.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/12954
Source: cve@mitre.org
http://www.securityfocus.com/bid/26444
Source: cve@mitre.org
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Source: cve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2007/3525
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2007/3868
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
Source: cve@mitre.org
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
Source: af854a3a-2127-422b-91ae-364da2661108
http://docs.info.apple.com/article.html?artnum=307041
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=111229375217633&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/19183
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27274
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27643
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29940
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2005/dsa-730
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2005-474.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/12954
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/26444
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2007/3525
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3868
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
Source: af854a3a-2127-422b-91ae-364da2661108

50 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
26th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

bzip