VYPR
Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026

CVE-2002-0760

CVE-2002-0760

Description

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Affected products

11
  • Bzip/Bzip211 versions
    cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
    • (no CPE)range: <1.0.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.