CVE-2002-0760 in bzip2
Summary
by MITRE
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
Analysis
by VulDB Data Team • 06/24/2024
CVE-2002-0760 describes a critical race condition in the bzip2 compression utility affecting FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems. During decompression, the utility creates the output file with world-readable permissions and only afterwards applies the permissions recorded in the archive. The interval between those two steps is a window in which a local user can read data that should have remained protected, undermining least privilege and the file system's permission model.
The defect is one of ordering inside the decompression routine. When bzip2 processes an archive, it first creates the decompressed file with default, world-readable permissions and sets the intended restrictive permissions only after decompression completes. The gap between file creation and permission enforcement is what allows a local attacker to read the contents before the proper mode is applied. The weakness is classified as CWE-362 (race condition) and is a classic example of a time-of-check to time-of-use flaw. It is particularly concerning because it bypasses the fundamental file system security model of the affected operating systems.
The operational impact goes beyond simple information disclosure: the condition enables local privilege escalation and data theft scenarios. An attacker can read sensitive files as they are decompressed, potentially obtaining confidential data, source code, or system configuration files. Affected systems include anywhere bzip2 is routinely used to unpack archives, such as development environments, system administration tooling, and general user workstations. The risk is highest in multi-user environments, where local users can target files belonging to other users or to system processes. The vulnerability aligns with ATT&CK technique T1005 (Data from Local System) and T1059 (Command and Scripting Interpreter), since an attacker could use this condition to perform unauthorized file reads.
Mitigation for CVE-2002-0760 consists primarily of updating bzip2 to version 1.0.2 or later, which contains the fix. System administrators should apply the patch to all affected systems promptly and verify that the updated bzip2 handles file permissions correctly during decompression. Additional measures include file system monitoring to detect unauthorized access during decompression, restricting the use of bzip2 in security-critical environments, and enforcing permission controls that prevent world-readable files from being created during decompression. Organizations should also consider access control lists and file permission auditing to identify and prevent exploitation of similar timing flaws in other system utilities. The fix in bzip2 1.0.2 addresses the root cause by establishing the file's permissions before any data is written to the decompressed file, eliminating the race window that enabled unauthorized access.
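The two orderings the analysis contrasts, create-then-chmod versus set-mode-then-write, as an added illustration in C; this is not bzip2's source code, the file paths and the 0600 archive entry are constructed for the demo, and the 022 umask is set explicitly to stand in for a typical default.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits currently visible on path, or -1 on error. */
static int perm_bits(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Vulnerable ordering: create with the process default (0666 & ~umask), write the
 * data, apply the archive's mode afterwards. Returns the mode seen during the write. */
int write_then_chmod(const char *path, const char *data, mode_t archive_mode) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    int window_mode = perm_bits(path);
    if (write(fd, data, strlen(data)) < 0) { close(fd); return -1; }
    close(fd);
    chmod(path, archive_mode);   /* too late: the content was already readable */
    return window_mode;
}

/* Hardened ordering: the archive's mode is set at creation (O_EXCL refuses a
 * pre-existing file), fchmod restores bits the umask stripped, then data is written. */
int set_mode_then_write(const char *path, const char *data, mode_t archive_mode) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, archive_mode);
    if (fd < 0 || fchmod(fd, archive_mode) != 0) { if (fd >= 0) close(fd); return -1; }
    int window_mode = perm_bits(path);
    if (write(fd, data, strlen(data)) < 0) { close(fd); return -1; }
    close(fd);
    return window_mode;
}

/* Runs both orderings under a 022 umask for a constructed 0600 archive entry;
 * returns 1 when only the hardened ordering keeps the file private throughout. */
int demo(void) {
    const char *unsafe = "/tmp/cve-2002-0760-unsafe.txt", *safe = "/tmp/cve-2002-0760-safe.txt";
    mode_t old = umask(022);
    int unsafe_window = write_then_chmod(unsafe, "constructed secret", 0600);
    int safe_window = set_mode_then_write(safe, "constructed secret", 0600);
    umask(old);
    int ok = unsafe_window == 0644 && safe_window == 0600 &&
             perm_bits(unsafe) == 0600 && perm_bits(safe) == 0600;
    unlink(unsafe); unlink(safe);
    return ok;
}
```

Both files end up 0600, so a post-hoc permission audit cannot tell them apart; only the mode visible while the data is on disk shows which ordering was used.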