First published: Fri Feb 15 2013
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/pigz | <=2.2.4-1 <=2.1.6-1 | 2.2.4-2 2.1.6-1+squeeze1 |
debian/pigz | 2.6-1 2.8-1 | |
Pigz | <=2.2.4-1 | |
CVE-2013-0296 is considered a medium severity vulnerability due to the risk of local users bypassing access permissions.
To fix CVE-2013-0296, upgrade pigz to version 2.2.5 or later.
CVE-2013-0296 affects pigz versions prior to 2.2.5, including 2.2.4-2 and 2.1.6-1+squeeze1.
CVE-2013-0296 cannot be exploited by remote attackers; it can only be exploited by local users.
CVE-2013-0296 is a race condition vulnerability that affects file permission settings during compression.
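
The exposure window in the description above, as an added C example (not pigz's own code): the output file is created once with a umask-derived mode and once owner-only, and the mode visible while data is still being written is compared. The temporary paths, the 0600 source mode and the 022 umask are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits currently on an open descriptor, or -1 on error. */
static int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Constructed scenario: a 0600 source is "compressed" under umask 022.
 * hardened=0 creates the output 0666 (umask decides, as in the advisory);
 * hardened=1 creates it owner-only. Returns the mode during the write
 * window (-1 on error); *final_mode is the mode after copying the source's. */
int window_mode(int hardened, int *final_mode)
{
    char dir[] = "/tmp/umask-race-XXXXXX", src[64], out[64];
    struct stat st;
    int window = -1;
    *final_mode = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(src, sizeof src, "%s/secret", dir);
    snprintf(out, sizeof out, "%s/secret.gz", dir);
    mode_t old = umask(022);
    int sfd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ofd = open(out, O_WRONLY | O_CREAT | O_EXCL, hardened ? 0600 : 0666);
    if (sfd >= 0 && ofd >= 0 && fstat(sfd, &st) == 0) {
        window = fd_mode(ofd);   /* what other users can see mid-write */
        /* fchmod() targets the descriptor, so a swapped path cannot redirect it */
        if (write(ofd, "data", 4) != 4 || fchmod(ofd, st.st_mode & 07777) != 0)
            window = -1;
        *final_mode = fd_mode(ofd);
    }
    if (sfd >= 0) close(sfd);
    if (ofd >= 0) close(ofd);
    umask(old);
    unlink(src); unlink(out); rmdir(dir);
    return window;
}

int main(void)
{
    int f0, f1, w0 = window_mode(0, &f0), w1 = window_mode(1, &f1);
    printf("umask-derived: %04o -> %04o\nowner-only:    %04o -> %04o\n", w0, f0, w1, f1);
    return w0 < 0 || w1 < 0;
}
```

Both variants end with the source's 0600, but only the owner-only creation keeps the file unreadable to other local users for the whole time data is being written.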