Netpbm anytopnm Insecure Temporary File Creation

2004-01-18T00:00:00
ID OSVDB:10701
Type osvdb
Reporter OSVDB
Modified 2004-01-18T00:00:00

Description

Vulnerability Description

anytopnm, one of the netpbm utilities, contains a flaw that may allow a malicious user to overwrite arbitrary files. Because it creates temporary files under predictable names, an attacker can create symlinks at those names in advance to exploit the flaw. The flaw may allow the overwriting and/or corruption of arbitrary files with the privileges of the user invoking the vulnerable application, resulting in a loss of integrity.
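The class of bug described here is easiest to see side by side. The following POSIX shell fragment is an added, defensive illustration and is not netpbm's code: it contrasts a scratch-file name derived only from the process ID (the predictable pattern an attacker can pre-plant a symlink for) with mktemp(1), which creates the file itself with a random suffix and exclusive-create semantics so that a pre-existing path makes creation fail instead of being followed. The function names and the `anytopnm.` prefix are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not netpbm code): obtaining scratch files safely in a converter script.

# Unsafe pattern: the name is predictable from the PID, and the shell's '>' redirection
# happily follows a symlink that already sits at that path. Shown only to contrast.
unsafe_tmp_name() {
    printf '%s\n' "${TMPDIR:-/tmp}/anytopnm.$$"
}

# Safe pattern: mktemp(1) chooses a random suffix, creates the file with mode 0600 and
# exclusive-create semantics, and prints the name. If the path already exists (symlink
# or otherwise) creation fails and the function returns non-zero.
safe_tmp_create() {
    mktemp "${TMPDIR:-/tmp}/anytopnm.XXXXXX"
}

# Sanity check a caller can apply before writing: the path must be a regular file and
# must not itself be a symbolic link.
tmp_is_regular_not_symlink() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# Typical use: create the scratch file, write into it, and always remove it afterwards.
# Arguments: the data to store (constructed sample input for the example).
# Returns the number of bytes written, or non-zero exit status on any failure.
write_via_scratch() {
    scratch=$(safe_tmp_create) || return 1
    tmp_is_regular_not_symlink "$scratch" || { rm -f "$scratch"; return 1; }
    trap 'rm -f "$scratch"' EXIT
    printf '%s' "$1" > "$scratch" || return 1
    wc -c < "$scratch" | tr -d ' '
    rm -f "$scratch"
    trap - EXIT
}
```

Note that the safe version never reuses a name across runs, and that the `-L` check only catches a link at the final path component; mktemp's exclusive creation is what actually closes the race, so the check is defence in depth rather than a substitute.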

Solution Description

Upgrade to version 10.20 or higher, which has been reported to fix this vulnerability. If an unofficial release provided by a third-party vendor is in use, apply that vendor's upgrade instead. An upgrade is required, as there are no known workarounds.

References:

Vendor URL: http://netpbm.sourceforge.net/
Secunia Advisory ID: 12723
Secunia Advisory ID: 13682
Related OSVDB ID: 10700
Related OSVDB ID: 10702
Related OSVDB ID: 10486
Related OSVDB ID: 10703
RedHat RHSA: RHSA-2004:031
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011-1
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000909
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
Other Advisory URL: http://www.debian.org/security/2004/dsa-426
OVAL ID: 804
OVAL ID: 810
Nessus Plugin ID: 14111
Nessus Plugin ID: 15263
Nessus Plugin ID: 12454
ISS X-Force ID: 14874
CVE: CVE-2003-0924
CERT VU: 487102
Bugtraq ID: 9442