Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0953
CVE-2005-0953
Description
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Affected products
11cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- www.debian.org/security/2005/dsa-730nvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA07-319A.htmlnvdUS Government Resource
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.ascnvd
- patches.sgi.com/support/free/security/advisories/20060301-01.U.ascnvd
- docs.info.apple.com/article.htmlnvd
- lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlnvd
- marc.infonvd
- secunia.com/advisories/19183nvd
- secunia.com/advisories/27274nvd
- secunia.com/advisories/27643nvd
- secunia.com/advisories/29940nvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.htmlnvd
- www.redhat.com/support/errata/RHSA-2005-474.htmlnvd
- www.securityfocus.com/archive/1/456430/30/8730/threadednvd
- www.securityfocus.com/bid/12954nvd
- www.securityfocus.com/bid/26444nvd
- www.vupen.com/english/advisories/2007/3525nvd
- www.vupen.com/english/advisories/2007/3868nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19926nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154nvd
News mentions
0No linked articles in our index yet.