Vulnerability Note VU#487102

Multiple tools within the Netpbm package create temporary files in an insecure manner

Original Release date: 19 Jan 2004 | Last revised: 23 Jan 2004

Overview

Multiple tools within the Netpbm package create temporary files in an insecure manner.

Description

Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely.

Impact

A local attacker could overwrite arbitrary files with the privileges of the Netpbm tool process.

Solution

Upgrade or Apply Patch

Upgrade or apply patch as specified by your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected19 Jan 200423 Jan 2004
NetPBMAffected19 Jan 200423 Jan 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Debian for the information contained in their security advisory.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2003-0924
  • Date Public: 18 Jan 2004
  • Date First Published: 19 Jan 2004
  • Date Last Updated: 23 Jan 2004
  • Severity Metric: 2.02
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.