CVE-2005-0953: Race Condition
Published Apr 3, 2005
·Updated
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Affected Software
11 affected components
Bzip bzip2=0.9
Bzip bzip2=0.9.5_a
Bzip bzip2=0.9.5_b
Bzip bzip2=0.9.5_c
Bzip bzip2=0.9.5_d
Bzip bzip2=0.9_a
Bzip bzip2=0.9_b
Bzip bzip2=0.9_c
Bzip bzip2=1.0
Bzip bzip2=1.0.1
Bzip bzip2=1.0.2
Remediation
Patch Available
Event History
Apr 3, 2005
CVE Published
via MITRE·09:00 AM
Data Sourced
via MITRE·09:00 AM
Description
Frequently Asked Questions
1
What is the severity of CVE-2005-0953?
CVE-2005-0953 is considered a moderate severity vulnerability due to its potential for local privilege escalation.
2
How do I fix CVE-2005-0953?
To fix CVE-2005-0953, upgrade bzip2 to version 1.0.3 or later to eliminate the race condition.
3
Who is affected by CVE-2005-0953?
CVE-2005-0953 affects local users operating on bzip2 versions 1.0.2 and earlier.
4
What systems are vulnerable to CVE-2005-0953?
Systems running bzip2 versions from 0.9 to 1.0.2 are vulnerable to CVE-2005-0953.
5
What is a hard link attack in the context of CVE-2005-0953?
In the context of CVE-2005-0953, a hard link attack involves exploiting the timing of file decompression to change file permissions.