The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bzip2 | Bzip | * | 1.0.4 (including) |
| Bzip2 | Bzip | 1.0 (including) | 1.0 (including) |
| Bzip2 | Bzip | 1.0.1 (including) | 1.0.1 (including) |
| Bzip2 | Bzip | 1.0.2 (including) | 1.0.2 (including) |
| Bzip2 | Bzip | 1.0.3 (including) | 1.0.3 (including) |
| Bzip2 | Ubuntu | devel | * |
| Bzip2 | Ubuntu | hardy | * |
| Bzip2 | Ubuntu | lucid | * |
| Bzip2 | Ubuntu | maverick | * |
| Bzip2 | Ubuntu | natty | * |
| Bzip2 | Ubuntu | oneiric | * |
| Bzip2 | Ubuntu | upstream | * |
References
- http://seclists.org/fulldisclosure/2011/Oct/804
- http://www.exploit-db.com/exploits/18147
- http://www.openwall.com/lists/oss-security/2011/10/28/16
- http://www.ubuntu.com/usn/USN-1308-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862
- http://seclists.org/fulldisclosure/2011/Oct/804
- http://www.exploit-db.com/exploits/18147
- http://www.openwall.com/lists/oss-security/2011/10/28/16
- http://www.ubuntu.com/usn/USN-1308-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862