Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-0296

Published: Apr 27, 2014 | Modified: Apr 28, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-0296
CWEhttps://cwe.mitre.org/data/definitions/264.html

Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that files permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

Affected Software

Name Vendor Start Version End Version
Pigz Zlib * 2.2.4-1 (including)
Pigz Ubuntu lucid *
Pigz Ubuntu oneiric *
Pigz Ubuntu precise *
Pigz Ubuntu quantal *
Pigz Ubuntu raring *
Pigz Ubuntu saucy *
Pigz Ubuntu upstream *
Pigz Ubuntu utopic *
Pigz Ubuntu vivid *
Pigz Ubuntu wily *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use