Search for vulnerabilities
Vulnerability details: VCID-zzv2-5d1a-aaan
Vulnerability ID VCID-zzv2-5d1a-aaan
Aliases CVE-2005-0953
Summary Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2005:474
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2005-0953
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1617590
cvssv2 3.7 https://nvd.nist.gov/vuln/detail/CVE-2005-0953
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://marc.info/?l=bugtraq&m=111229375217633&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0953.json
https://api.first.org/data/v1/epss?cve=CVE-2005-0953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
http://secunia.com/advisories/19183
http://secunia.com/advisories/27274
http://secunia.com/advisories/27643
http://secunia.com/advisories/29940
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
http://www.debian.org/security/2005/dsa-730
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
http://www.redhat.com/support/errata/RHSA-2005-474.html
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
http://www.securityfocus.com/bid/12954
http://www.securityfocus.com/bid/26444
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3525
http://www.vupen.com/english/advisories/2007/3868
1617590 https://bugzilla.redhat.com/show_bug.cgi?id=1617590
cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
CVE-2005-0953 https://nvd.nist.gov/vuln/detail/CVE-2005-0953
RHSA-2005:474 https://access.redhat.com/errata/RHSA-2005:474
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-0953
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.27708
EPSS Score 0.00062
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.