CVE-2015-1200 Information
Description
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file which allows local users to bypass the intended access restrictions.
Reference
http://seclists.org/oss-sec/2015/q1/177 http://www.securityfocus.com/bid/72101 https://exchange.xforce.ibmcloud.com/vulnerabilities/100207 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/
Share on: