Vulnerability CVE-2015-1200: Information

Description

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

Severity: LOW (2.1)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1200
Published: Jan. 23, 2015
Modified: Nov. 7, 2023
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pxzsisyphus4.999.9beta-alt34.999.9beta-alt3ALT-PU-2015-1088-1139268Fixed
pxzp104.999.9beta-alt34.999.9beta-alt3ALT-PU-2015-1088-1139268Fixed
pxzp94.999.9beta-alt34.999.9beta-alt3ALT-PU-2015-1088-1139268Fixed
pxzc10f14.999.9beta-alt34.999.9beta-alt3ALT-PU-2015-1088-1139268Fixed
pxzc9f24.999.9beta-alt34.999.9beta-alt3ALT-PU-2015-1088-1139268Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
72101
    [oss-security] 20150118 Re: CVE Request: pxz -- race condition in setting permissions
      pxz-cve20151200-sec-bypass(100207)
        FEDORA-2020-07fcbfddbd
          FEDORA-2020-8b89d5b9eb
            FEDORA-2020-c9eb911737

                1. Configuration 1

                  cpe:2.3:a:pxz_project:pxz:4.999.99:beta3:*:*:*:*:*:*
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.0
              Back to top