← back
CVE-2013-0296

CVE-2013-0296

EPSS 0.3%
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.htmlhttp://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608http://www.openwall.com/lists/oss-security/2013/02/15/4http://www.openwall.com/lists/oss-security/2013/02/16/3