CVE-2002-0759 - Vulnerability Details - OpenCVE

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bzip	Bzip2

Configuration 1 [-]

OR	cpe:2.3:a:bzip:bzip2:0.9.0:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.0c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5a:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5b:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5c:::::::*
	cpe:2.3:a:bzip:bzip2:0.9.5d:::::::*
	cpe:2.3:a:bzip:bzip2:1.0:::::::*
	cpe:2.3:a:bzip:bzip2:1.0.1:::::::*

No data.

References

Link	Providers
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
http://www.iss.net/security_center/static/9126.php
http://www.securityfocus.com/bid/4774

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2024-08-08T03:03:48.640Z

Reserved: 2002-07-25T00:00:00

Link: CVE-2002-0759

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-08-12T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-0759

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CSSA-2002-039.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "bzip2-decompression-file-overwrite(9126)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9126.php"}, {"name": "4774", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4774"}, {"name": "FreeBSD-SA-02:25", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0759", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CSSA-2002-039.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "bzip2-decompression-file-overwrite(9126)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9126.php"}, {"name": "4774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4774"}, {"name": "FreeBSD-SA-02:25", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:03:48.640Z"}, "title": "CVE Program Container", "references": [{"name": "CSSA-2002-039.0", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"name": "bzip2-decompression-file-overwrite(9126)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/9126.php"}, {"name": "4774", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4774"}, {"name": "FreeBSD-SA-02:25", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0759", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:48.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "325C63C7-740D-42E1-B8B1-51125DE57F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*", "matchCriteriaId": "550690C7-32D0-4126-B272-D2254A2EF434", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*", "matchCriteriaId": "DFE746CF-6890-4259-A9DB-5F77B592D1E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*", "matchCriteriaId": "6C95FE39-842A-45D1-A858-D438C0C15B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*", "matchCriteriaId": "D54DD36D-7A6C-4649-855A-D81F29FFB6C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*", "matchCriteriaId": "0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3BFE7-75B6-4284-9EDC-78D452CD9174", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B10B3BF9-BE42-468D-89E8-8D4A5FEDC734", "vulnerable": true}, {"criteria": "cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55F00B1-D48B-40A6-872F-959598D7E6E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive."}, {"lang": "es", "value": "bzip2 anteriores a 1.0.2 en FreeBSD 4.5 y anteriores, y otros Sistemas Operativos, no usan la etiqueta O_EXCL para crear ficheros durante la descomprensi\u00f3n y no alertan al usuario de que un fichero ya existente podr\u00eda ser sobreescrito, lo cual podr\u00eda permitir a atacantes remotos la sobreescritura de ficheros mediante un archivo bzip2."}], "id": "CVE-2002-0759", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9126.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9126.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4774"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}