CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 13.4%
EPSS: 2026-05-06
Afecta
zlib:pigzDescripción técnica
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Publicada: 27/4/2014, 21:55:05
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
- http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
- http://www.openwall.com/lists/oss-security/2013/02/15/4
- http://www.openwall.com/lists/oss-security/2013/02/16/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
- http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
- http://www.openwall.com/lists/oss-security/2013/02/15/4