Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200410-02
HistoryOct 04, 2004 - 12:00 a.m.

Netpbm: Multiple temporary file issues

2004-10-0400:00:00
Gentoo Foundation
security.gentoo.org
6

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.1%

JSON

Background

Netpbm is a toolkit containing more than 200 separate utilities for manipulation and conversion of graphic images.

Description

Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable names without checking first that the target file doesn’t already exist.

Impact

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a user or a tool calls one of the affected utilities, this would result in file overwriting with the rights of the user running the utility.

Workaround

There is no known workaround at this time.

Resolution

All Netpbm users should upgrade to an unaffected version:

 # emerge sync

 # emerge -pv ">=media-libs/netpbm-10.0"
 # emerge ">=media-libs/netpbm-10.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/netpbm<= 9.12-r4UNKNOWN

Related

nessus 4
cert 1
debian 1
openvas 4
securityvulns 1
osv 1
cve 1
altlinux 1
redhat 1
debiancve 1
nessus
nessus
GLSA-200410-02 : Netpbm: Multiple temporary file issues
2004-10-04 00:00:00
RHEL 2.1 / 3 : netpbm (RHSA-2004:031)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : netpbm (MDKSA-2004:011-1)
2004-07-31 00:00:00
cert
cert
Multiple tools within the Netpbm package create temporary files in an insecure manner
2004-01-19 00:00:00
debian
debian
[SECURITY] [DSA 426-1] New netpbm-free packages fix insecure temporary file creation
2004-01-18 21:12:27
openvas
openvas
Gentoo Security Advisory GLSA 200410-02 (Netpbm)
2008-09-24 00:00:00
Debian Security Advisory DSA 426-1 (netpbm-free)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-426)
2008-01-17 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [SECURITY] [DSA 426-1] New netpbm-free packages fix insecure temporary file creation
2004-01-19 00:00:00
osv
osv
netpbm-free - insecure temporary files
2004-01-18 00:00:00
cve
cve
CVE-2003-0924
2004-02-17 05:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package netpbm version 9.24-alt4
2004-02-12 00:00:00
redhat
redhat
(RHSA-2004:031) netpbm security update
2004-02-03 00:00:00
debiancve
debiancve
CVE-2003-0924
2004-02-17 05:00:00

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for GLSA-200410-02
nessus4cert1debian1openvas4securityvulns1osv1cve1altlinux1redhat1debiancve1