Detections
Analytics
FreeBSD : bzip2 -- denial of service and permission race vulnerabilities (197f444f-e8ef-11d9-b875-0001020eed82)
medium Nessus Plugin ID 18853
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Problem Description Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop.Second, when creating a new file, bzip2 closes the file before setting its permissions. Impact The first problem can cause bzip2 to extract a bzip2 archive to an infinitely large file. If bzip2 is used in automated processing of untrusted files this could be exploited by an attacker to create an denial-of-service situation by exhausting disk space or by consuming all available cpu time.
The second problem can allow a local attacker to change the permissions of local files owned by the user executing bzip2 providing that they have write access to the directory in which the file is being extracted. Workaround Do not uncompress bzip2 archives from untrusted sources and do not uncompress files in directories where untrusted users have write access.
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 18853
File Name: freebsd_pkg_197f444fe8ef11d9b8750001020eed82.nasl
Version: 1.17
Type: local
Family: FreeBSD Local Security Checks
Published: 7/13/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.3
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:bzip2, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 6/29/2005
Vulnerability Publication Date: 3/30/2005
Reference Information
CVE: CVE-2005-0953, CVE-2005-1260
FreeBSD: SA-05:14.bzip2