Sun Security Blog
16 Oct 2007
Sun Alert 103118 Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the bzip2(1) command may allow a local unprivileged user to read or modify files owned by another local user who invokes bzip2(1) to either compress or decompress files in a world-writable directory. This could include system files if bzip2(1) is run by a privileged user. [CVE-2005-0953]

A second security vulnerability in the bzip2(1) command may allow arbitrarily large files to be created when decompressing specially crafted bzip2(1) archives, which may exhaust disk space and could cause a Denial of Service (DoS). [CVE-2005-1260]

These issues are described in the following documents: CVE-2005-0953 at: CVE-2005-1260 at:

Avoidance: Patch, Workaround
State: Workaround
First released: 16-Oct-2007
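For the second issue (CVE-2005-1260), code that decompresses untrusted bzip2 data can cap how much output it will write. The following is an added example, not part of the Sun Alert or of Sun's patch or workaround; it uses Python's standard `bz2` module, and the names `bounded_bunzip2` and `OutputLimitExceeded` are hypothetical.

```python
import bz2


class OutputLimitExceeded(Exception):
    """Raised when the decompressed output would exceed the caller's cap."""


def bounded_bunzip2(src, dst, max_output, chunk=64 * 1024):
    """Decompress one bzip2 stream from src into dst (binary file objects).

    Stops with OutputLimitExceeded before writing more than max_output
    bytes, so a crafted archive cannot fill the disk. Returns the number
    of bytes written. Concatenated streams after the first are ignored.
    """
    decomp = bz2.BZ2Decompressor()
    written = 0
    while not decomp.eof:
        if decomp.needs_input:
            data = src.read(chunk)
            if not data:
                raise EOFError("truncated bzip2 stream")
        else:
            # The decompressor still holds buffered input; just drain it.
            data = b""
        # Request at most one byte beyond the remaining budget: enough to
        # detect an overrun without buffering an unbounded amount in memory.
        budget = max_output - written + 1
        out = decomp.decompress(data, max_length=min(chunk, budget))
        written += len(out)
        if written > max_output:
            # Raise before writing the chunk that crosses the limit.
            raise OutputLimitExceeded(
                "output exceeds %d bytes, refusing to continue" % max_output
            )
        dst.write(out)
    return written


if __name__ == "__main__":
    import io

    # Constructed sample: 5 MB of zeros compresses to a very small archive.
    archive = bz2.compress(b"\0" * 5_000_000)
    try:
        bounded_bunzip2(io.BytesIO(archive), io.BytesIO(), max_output=1_000_000)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```
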