Summary
The remote host is missing an update to bzip2
announced via advisory DSA 730-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20730-1
Insight
Imran Ghory discovered a race condition in bzip2, a high-quality block-sorting file compressor and decompressor. When decompressing a file in a directory an attacker has access to, bunzip2 could be tricked to set the file permissions to a different file the user has permissions to.
For the stable distribution (woody) this problem has been fixed in version 1.0.2-1.woody2
For the testing distribution (sarge) this problem has been fixed in version 1.0.2-6.
For the unstable distribution (sid) this problem has been fixed in version 1.0.2-6.
We recommend that you upgrade your bzip2 packages.
Severity
Classification
-
CVE CVE-2005-0953 -
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)
- Debian Security Advisory DSA 1042-1 (cyrus-sasl2)
- Debian Security Advisory DSA 1256-1 (gtk+2.0)
- Debian Security Advisory DSA 1326-1 (fireflier-server)
- Debian Security Advisory DSA 2730-1 (gnupg - information leak)