bzip2 -- denial of service and permission race vulnerabilities
Two problems have been discovered relating to the
extraction of bzip2-compressed files. First, a carefully
constructed invalid bzip2 archive can cause bzip2 to enter
an infinite loop. Second, when creating a new file, bzip2
closes the file before setting its permissions.
The first problem can cause bzip2 to extract a bzip2
archive to an infinitely large file. If bzip2 is used in
automated processing of untrusted files, this could be
exploited by an attacker to create a denial-of-service
situation by exhausting disk space or by consuming all
available CPU time.
The second problem can allow a local attacker to change the
permissions of local files owned by the user executing bzip2,
provided that the attacker has write access to the directory in
which the file is being extracted.
Do not uncompress bzip2 archives from untrusted sources and
do not uncompress files in directories where untrusted users
have write access.
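
The second problem above, shown as the racy close-then-set-permissions pattern beside a hardened form that sets the mode on the open descriptor. This is an added example, not bzip2's own code; the function names, the 0600 creation mode and the /tmp path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: the output file is closed first and the
 * mode is then set by path name. chmod() resolves the name again, so a user
 * with write access to the directory can make it refer to a different file
 * owned by the caller before the call runs. */
int write_then_chmod_by_path(const char *path, const void *buf, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, buf, len) != (ssize_t)len) { close(fd); return -1; }
    if (close(fd) != 0) return -1;
    return chmod(path, mode);            /* name is looked up a second time */
}

/* Hardened form: fchmod() acts on the descriptor we opened, so the mode
 * always lands on the file this process created. O_CREAT|O_EXCL makes open()
 * fail if the name already exists, including as a symbolic link. */
int write_then_fchmod(const char *path, const void *buf, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, buf, len) != (ssize_t)len || fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);                    /* do not leave a partial output */
        return -1;
    }
    return close(fd);
}

/* Permission bits of a path, or (mode_t)-1 on error. */
mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

int main(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/fchmod_demo_%ld", (long)getpid()); /* constructed path */
    if (write_then_fchmod(path, "data", 4, 0640) != 0) { perror(path); return 1; }
    printf("%s mode %04o\n", path, (unsigned)mode_of(path));
    return unlink(path);
}
```

Both functions produce the same result when nothing interferes; the difference is only which object the mode is applied to if the directory entry changes between close() and chmod().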
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright