Access Restriction Bypass Affecting bzip2 package, versions <1.0.6-1
Threat Intelligence
EPSS
0.04% (14th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-BZIP2-284285
- published 16 Apr 2014
- disclosed 16 Apr 2014
Introduced: 16 Apr 2014
CVE-2011-4089 Open this link in a new tabHow to fix?
Upgrade Debian:9 bzip2 to version 1.0.6-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bzip2 package and not the bzip2 package as distributed by Debian.
See How to fix? for Debian:9 relevant fixed versions and status.
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
References
CVSS Scores
version 3.1