NVD

Id
10618  
Name
CVE-2011-4089  
Description
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2014-04-16  
Modified Date
2014-04-17  
Seq
2011-4089  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
60004 10618 CVE-2011-4089 20111025 Re: Symlink vulnerabilities  View
60005 10618 CVE-2011-4089 18147  View
60006 10618 CVE-2011-4089 [oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure temporary file  View
60007 10618 CVE-2011-4089 USN-1308-1  View
60008 10618 CVE-2011-4089 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
35078 JVNDB-2011-005320 bzip2 の bzexe コマンドにおける任意のコードを実行される脆弱性 bzip2 の bzexe コマンドは、抽出時に一時ファイルを適切に処理しない圧縮された実行可能なファイルを生成するため、任意のコードを実行される脆弱性が存在します。 CVE-2011-4089 51996 CVE-2011-4089 10618 4.6 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005320.html 2011-12-04 2014-04-21 View