CVE-2013-0296

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

4.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
http://www.openwall.com/lists/oss-security/2013/02/15/4
http://www.openwall.com/lists/oss-security/2013/02/16/3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
http://www.openwall.com/lists/oss-security/2013/02/15/4
http://www.openwall.com/lists/oss-security/2013/02/16/3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:pigz:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:47

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html - () http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html -
References () http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html - () http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html -
References () http://www.openwall.com/lists/oss-security/2013/02/15/4 - () http://www.openwall.com/lists/oss-security/2013/02/15/4 -
References () http://www.openwall.com/lists/oss-security/2013/02/16/3 - () http://www.openwall.com/lists/oss-security/2013/02/16/3 -
References () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608 - () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608 -
Information

Published : 2014-04-27 21:55

Updated : 2025-04-12 10:46

NVD link : CVE-2013-0296

Mitre link : CVE-2013-0296

CVE.ORG link : CVE-2013-0296

JSON object : View

Products Affected

zlib

  • pigz
CWE
CWE-264

Permissions, Privileges, and Access Controls