155744 – CAN-2005-0953 bzip2 race condition

Bug 155744 - CAN-2005-0953 bzip2 race condition

Summary: CAN-2005-0953 bzip2 race condition

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bzip2
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Ivana Varekova
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:	impact=low,public=20050330,source=bug...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-22 17:58 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-01-09 10:12:11 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2005-04-22 17:58:40 UTC

+++ This bug was initially created as a clone of Bug #155742 +++

Race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete.

http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633&w=2

Comment 1 Rahul Sundaram 2005-09-05 07:23:28 UTC


Whats the status on this one?

Comment 2 Ivana Varekova 2005-09-05 07:47:06 UTC

This bug is fixed in devel (version 1.0.3-1) and in fc4 (version 1.0.2-16).

Comment 3 Ivana Varekova 2006-01-09 10:12:11 UTC

This bug is fixed in fc3 branch too (1.0.2-13.FC3.1).

Note You need to log in before you can comment on or make changes to this bug.