PT-2014-2441 · Mark Adler · Pigz
Michael Tokarev
·
Published
2014-04-27
·
Updated
2014-04-28
·
CVE-2013-0296
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
pigz versions prior to 2.2.5
Description
A race condition exists in the compression process, where permissions derived from the umask are used before setting the file's permissions to match the original file. This might allow local users to bypass intended access permissions during compression.
Recommendations
For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pigz