CVE-2011-4089

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2011-4089

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-4089.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-4089

Downstream

DEBIAN-CVE-2011-4089

Published

2014-04-16T18:37:11Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

References

http://www.exploit-db.com/exploits/18147
http://www.ubuntu.com/usn/USN-1308-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862
http://seclists.org/fulldisclosure/2011/Oct/804
http://www.openwall.com/lists/oss-security/2011/10/28/16

CVE-2011-4089

Affected packages