The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103118 Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the bzip2(1) command may allow a local unprivileged user to read or modify files owned by another local user who invokes bzip2(1) to compress or decompress files in a world-writable directory. This could include system files if bzip2(1) is run by a privileged user. [CVE-2005-0953]

A second security vulnerability in the bzip2(1) command may allow arbitrarily large files to be created when decompressing specially crafted bzip2(1) archives, which may exhaust disk space and could cause a Denial of Service (DoS). [CVE-2005-1260]

These issues are described in the following documents:

CVE-2005-0953 at:

CVE-2005-1260 at:

Avoidance: Patch, Workaround
State: Workaround
First released: 16-Oct-2007
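
Where a service decompresses untrusted bzip2 data itself, the disk-exhaustion issue described above (CVE-2005-1260) can be contained by capping the decompressed size. The sketch below is an added example using Python's standard `bz2` module; it is not part of the Sun Alert or Sun's workaround, and the names `bounded_bunzip2` and `OutputLimitExceeded` and the sample limits are assumptions made for illustration.

```python
import bz2
import io


class OutputLimitExceeded(Exception):
    """Raised when the stream would produce more output than the caller allows."""


def bounded_bunzip2(src, dst, max_out, chunk=64 * 1024):
    """Stream-decompress one bzip2 stream from src to dst, writing at most max_out bytes.

    Returns the number of bytes written. Raises OutputLimitExceeded as soon as
    the stream yields more, so disk use stays bounded regardless of the input.
    """
    dec = bz2.BZ2Decompressor()
    written = 0
    while not dec.eof:
        data = b""
        if dec.needs_input:
            # Feed more compressed bytes only when the decompressor asks for them.
            data = src.read(chunk)
            if not data:
                raise ValueError("truncated bzip2 stream")
        # Request at most one byte beyond the remaining budget; receiving that
        # extra byte proves the stream is larger than the cap.
        budget = max_out - written + 1
        out = dec.decompress(data, max_length=min(chunk, budget))
        if written + len(out) > max_out:
            raise OutputLimitExceeded(f"output exceeds {max_out} bytes")
        dst.write(out)
        written += len(out)
    return written


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes shrinks to a very small archive.
    bomb = bz2.compress(b"\0" * (8 * 1024 * 1024))
    sink = io.BytesIO()
    try:
        bounded_bunzip2(io.BytesIO(bomb), sink, max_out=1024 * 1024)
    except OutputLimitExceeded as exc:
        print(f"rejected {len(bomb)}-byte archive: {exc}")
```
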
