4.6

CVE-2011-4089

Exploit
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BzipBzip2 Version <= 1.0.4
BzipBzip2 Version1.0
BzipBzip2 Version1.0.1
BzipBzip2 Version1.0.2
BzipBzip2 Version1.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.05% 0.597
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2011/Oct/804
http://www.exploit-db.com/exploits/18147
Exploit
http://www.openwall.com/lists/oss-security/2011/10/28/16
http://www.ubuntu.com/usn/USN-1308-1
Patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862
Patch