PT-2002-1781 · Bzip2+2

Published

2002-08-12

Updated

2008-09-05

CVE-2002-0760

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

bzip2 versions prior to 1.0.2
FreeBSD versions 4.5 and earlier
OpenLinux versions 3.1 and 3.1.1

Description

A race condition exists in bzip2, which could allow local users to read files as they are being decompressed. The issue arises because bzip2 decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive.

Recommendations

For bzip2 versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue.
For FreeBSD versions 4.5 and earlier, consider upgrading to a newer version of FreeBSD that includes the fixed bzip2 version.
For OpenLinux versions 3.1 and 3.1.1, consider upgrading to a newer version of OpenLinux that includes the fixed bzip2 version.
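
The permission window described above, shown as an added example that is not bzip2's own code: the same output file is written once with default creation permissions and once created exclusively as owner-only, with the final mode applied only after the data is written. The function names, the `/tmp` path, the sample data and the umask of 022 are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write data to path, then apply final_mode (the mode stored for the file).
 * Returns the permission bits in effect while the data was on disk, or -1.
 * hardened == 0: pre-fix pattern, created with default permissions.
 * hardened == 1: created exclusively and owner-only, widened at the end. */
int write_output(const char *path, const char *data, mode_t final_mode, int hardened) {
    int flags = O_WRONLY | O_CREAT | (hardened ? O_EXCL : O_TRUNC);
    mode_t create_mode = hardened ? 0600 : 0666;  /* 0666: what fopen(path, "w") asks for */
    struct stat st;
    size_t len = strlen(data);
    int fd = open(path, flags, create_mode);
    if (fd < 0) return -1;
    if (write(fd, data, len) != (ssize_t)len || fstat(fd, &st) != 0 ||
        fchmod(fd, final_mode) != 0) {  /* fstat samples the exposure window */
        close(fd);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Constructed demo: a 0600 file written under umask 022; *final_seen gets the end mode. */
int demo(int hardened, int *final_seen) {
    char dir[] = "/tmp/bzrace-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    mode_t old = umask(022);
    int during = write_output(path, "constructed secret\n", 0600, hardened);
    umask(old);
    *final_seen = stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    rmdir(dir);
    return during;
}

int main(void) {
    int f;
    printf("pre-fix window mode:  %o\n", demo(0, &f));
    printf("hardened window mode: %o\n", demo(1, &f));
    return 0;
}
```

Both variants end with the same final mode; only the mode in effect while the data is being written differs, which is the interval the advisory describes.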

Related Identifiers

CVE-2002-0760

Affected Products

FreeBSD
OpenLinux
bzip2