CVE-2002-0761 Information

Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier OpenLinux 3.1 and 3.1.1 and possibly systems uses the permissions of symbolic links instead of the actual files when creating an archive which could cause the files to be extracted with less restrictive permissions than intended.

Reference

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc http://www.iss.net/security_center/static/9128.php http://www.securityfocus.com/bid/4776