Vulnerability Note VU#487102
Multiple tools within the Netpbm package create temporary files in an insecure manner
Overview
Multiple tools within the Netpbm package create temporary files in an insecure manner.
Description
Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely. |
Impact
A local attacker could overwrite arbitrary files with the privileges of the Netpbm tool process. |
Solution
Upgrade or Apply Patch Upgrade or apply patch as specified by your vendor. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 19 Jan 2004 | 23 Jan 2004 |
| NetPBM | Affected | 19 Jan 2004 | 23 Jan 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.debian.org/security/2004/dsa-426
- http://sourceforge.net/projects/netpbm/
- http://www.secunia.com/advisories/10662/
Credit
Thanks to Debian for the information contained in their security advisory.
This document was written by Damon Morda.
Other Information
- CVE IDs: CAN-2003-0924
- Date Public: 18 Jan 2004
- Date First Published: 19 Jan 2004
- Date Last Updated: 23 Jan 2004
- Severity Metric: 2.02
- Document Revision: 11
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.