Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
Exploitability
AV:LAC:HAu:NImpact
C:PI:NA:N1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N