Executive Summary
| Summary | |
|---|---|
| Title | netpbm security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2005:793 | First vendor Publication | 2005-10-18 |
| Vendor | RedHat | Last vendor Modification | 2005-10-18 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated netpbm packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). The usage of uninitialised variables in the pnmtopng code allows an attacker to change stack contents when converting to PNG files with pnmtopng using the '-trans' option. This may allow an attacker to execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2978 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 168278 - CAN-2005-2978 Crash running pnmtopng -trans on some pnm files |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2005-793.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10135 | |||
| Oval ID: | oval:org.mitre.oval:def:10135 | ||
| Title: | pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. | ||
| Description: | pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-2978 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for netpbm File : nvt/sles9p5010678.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200510-18 (Netpbm) File : nvt/glsa_200510_18.nasl |
| 2008-09-04 | Name : FreeBSD Ports: netpbm File : nvt/freebsd_netpbm.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 878-1 (netpbm-free) File : nvt/deb_878_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 20068 | Netpbm pnmtopng closestColorInPalette() Function Arbitrary Code Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-878.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-793.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ae9fb0d7c4dc11dab2fb000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-199.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-210-1.nasl - Type : ACT_GATHER_INFO |
| 2005-10-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200510-18.nasl - Type : ACT_GATHER_INFO |
| 2005-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-793.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:49:42 |
|
