Note: This is an archival copy of Security Sun Alert 200191 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000145.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability in the bzip2(1) command (see below for details)
A security vulnerability in the bzip2(1) command may allow a local unprivileged user to read or modify files owned by another local user who invokes bzip2(1) to either compress or decompress files in a world writable directory. This could include system files if bzip2(1) is issued by a privileged user. [CVE-2005-0953]
A second security vulnerability in the bzip2(1) command may allow arbitrarily large files to be created when decompressing specially crafted bzip2(1) archives, which may exhaust disk space and could cause a denial of service (DoS). [CVE-2005-1260]
These issues are described in the following documents:
2. Contributing Factors
These issues can occur in the following releases:
Note 1: The file modification issue (CVE-2005-0953) only affects versions of bzip2(1) prior to 1.0.4.
Note 2: The arbitrarily large file issue (CVE-2005-1260) only affects versions of bzip2(1) prior to 1.0.3.
Note 3: The version of bzip2(1) on a system can be determined by running the following command:
$ bzip2 --version
bzip2, a block-sorting file compressor. Version 1.0.4, 20-Dec-2006.
[...]
If the file modification issue (CVE-2005-0953) has occurred, one or more files owned by the user who issued the bzip2(1) command would have their permissions changed.
The symptom of the arbitrarily large file issue (CVE-2005-1260) is the bzip2(1) command taking a long time to complete while the output file continuously grows in size.
The file modification issue (CVE-2005-0953) can be avoided by not compressing or decompressing files using bzip2(1) in world writable directories.
The arbitrarily large file issue (CVE-2005-1260) can be avoided by only decompressing bzip2(1) files from trusted sources.
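The version thresholds in Notes 1 and 2 and the world writable directory workaround can be checked with a small script. This is an added example, not part of the original Sun Alert; the function names are hypothetical, and the banner parsing assumes the "Version X.Y.Z" format shown in Note 3.

```shell
#!/bin/sh
# Added example: map a `bzip2 --version` banner to the two CVEs in this alert.
FIXED_0953="1.0.4"   # Note 1: CVE-2005-0953 affects versions prior to 1.0.4
FIXED_1260="1.0.3"   # Note 2: CVE-2005-1260 affects versions prior to 1.0.3

# Extract the dotted version number from banner text passed as $1.
bzip2_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*Version \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
    vl_a=$1; vl_b=$2
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
        [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
        [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
    done
    return 1
}

# Print the CVEs from this alert that apply to the banner in $1, or "none".
affected_cves() {
    ac_v=$(bzip2_version "$1")
    [ -n "$ac_v" ] || { echo "unknown"; return 1; }
    ac_out=""
    if version_lt "$ac_v" "$FIXED_0953"; then ac_out="CVE-2005-0953"; fi
    if version_lt "$ac_v" "$FIXED_1260"; then ac_out="$ac_out CVE-2005-1260"; fi
    echo "${ac_out:-none}"
}

# Succeed if directory $1 is world writable (the workaround for CVE-2005-0953
# is to avoid running bzip2 there). Reads the "other" write bit from ls -ld.
dir_world_writable() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        d???????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Banner text as shown in Note 3. On a live system, capture the banner with
# 2>&1 </dev/null, since it may be written to stderr rather than stdout.
affected_cves "bzip2, a block-sorting file compressor. Version 1.0.4, 20-Dec-2006."
```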
These issues are addressed in the following releases:
27-Jun-2008: Updated Contributing Factors and Resolution sections. Resolved.