Executive Summary
| Summary | |
|---|---|
| Title | New netpbm-free packages fix insecure temporary file creation |
| Informations | |||
|---|---|---|---|
| Name | DSA-426 | First vendor Publication | 2004-01-18 |
| Vendor | Debian | Last vendor Modification | 2004-01-18 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 3.7 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 1.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. For the current stable distribution (woody) these problems have been fixed in version 2:9.20-8.4. For the unstable distribution (sid) these problems have been fixed in version 2:9.25-9. We recommend that you update your netpbm-free package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-426 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10978 | |||
| Oval ID: | oval:org.mitre.oval:def:10978 | ||
| Title: | netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | ||
| Description: | netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0924 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-02 (Netpbm) File : nvt/glsa_200410_02.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 426-1 (netpbm-free) File : nvt/deb_426_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 10703 | Netpbm ppmfade Insecure Temporary File Creation ppmfade, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Due to predictable temporary file names, an attacker can create symlinks in advance to exploit this flaw. It is possible that the flaw may allow for the overwriting and/or corruption of arbitrary files by the user invoking the vulnerable applications resulting in a loss of integrity. |
| 10702 | Netpbm parallel Insecure Temporary File Creation parallel, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Due to predictable temporary file names, an attacker can create symlinks in advance to exploit this flaw. It is possible that the flaw may allow for the overwriting and/or corruption of arbitrary files by the user invoking the vulnerable applications resulting in a loss of integrity. |
| 10701 | Netpbm anytopnm Insecure Temporary File Creation anytopnm, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Due to predictable temporary file names, an attacker can create symlinks in advance to exploit this flaw. It is possible that the flaw may allow for the overwriting and/or corruption of arbitrary files by the user invoking the vulnerable applications resulting in a loss of integrity. |
| 10700 | Netpbm pnmmargin Insecure Temporary File Creation pnmmargin, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Due to predictable temporary file names, an attacker can create symlinks in advance to exploit this flaw. It is possible that the flaw may allow for the overwriting and/or corruption of arbitrary files by the user invoking the vulnerable applications resulting in a loss of integrity. |
| 10486 | Netpbm pnmindex Insecure Temporary File Creation pnmindex, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Due to predictable temporary file names, an attacker can create symlinks in advance to exploit this flaw. It is possible that the flaw may allow for the overwriting and/or corruption of arbitrary files by the user invoking the vulnerable applications resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-10-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-02.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-426.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-011.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-031.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:02 |
|
