← back
CVE-2002-0759

CVE-2002-0759

EPSS 1.3%
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txtftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.aschttp://www.iss.net/security_center/static/9126.phphttp://www.securityfocus.com/bid/4774