Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» FreeBSD » FreeBSD-SA-02:25-bzip2 contains multiple security vulnerabilities

FreeBSD-SA-02:25-bzip2 contains multiple security vulnerabilities

I. Background bzip2 is an advanced block-sorting file compression utility. II. Problem Description When creating a file during decompression, the bzip2 utility failed to use the O_EXCL flag, potentially overwriting files without warning. In addition, the bzip2 utility did not securely create new files causing a race condition between creating the file and setting the correct permissions.

  • Vendor: FreeBSD
  • Vendor ID: SA-02:25
  • Date: May 20, 2002


When compressing a file pointed to by a symbolic link, the bzip2
utility incorrectly stored the permissions of the symbolic link
instead of the file. This may result in potentially lax file
permissions (rwxr-xr-x), causing the decompressed file to be
world-readable.

bzip2 was incorporated into FreeBSD prior to FreeBSD 4.4-RELEASE.
Previous versions of FreeBSD did not contain bzip2 and are unaffected
unless bzip2 was installed from the ports collection or manually by
the system administrator.

III. Impact

1) Files may be inadvertently overwritten without warning.

2) Due to the race condition between creating files and setting proper
permissions, a local user may be able to read the contents of files
regardless of their intended permissions.

3) Decompressed files that were originally pointed to by a symbolic
link may end up with in incorrect permissions, allowing local users
to view their contents.

IV. Workaround

1) Deinstall the bzip2 port/package if you have it installed.

V. Solution

[FreeBSD 4.4 or 4.5 base system]

1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or
RELENG_4_5 security branch dated after the respective correction dates.

2) To patch your present system, download the relevant patch from the
below location, and execute the following commands as root:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch.asc

Verify the detached PGP signature using your PGP utility.

This patch has been verified to apply to FreeBSD 4.4-RELEASE and
4.5-RELEASE.

# cd /usr/src
# patch -p

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iQCVAwUBPOkduVUuHi5z0oilAQHJtAP/ZoPk981NwyoAzX+BlL9EM0JAl9bYBSmp
lgoSORQhK2Cu5DxqOt1J1GIu3748qrAU4+YkZ5JkucA6UgzDFd+mLcQbE57qrDCs
rweqLHipm/fjQ8MXFbs5O2ZlrAPTauAiBYk60OtHEoYe5SE70By4zy8o0jzoKo8H
5dXKGYTnve0=
=UUGE
-----END PGP SIGNATURE-----

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »