int(2285)

Vulnerability Bulletins


Ejecución insegura en pstopnm

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio exotico

System information

Property Value
Affected manufacturer GNU/Linux
Affected software pstopnm

Description

Se ha descubierto una vulnerabilidad en pstopnm, un conversor de Postscript a los formatos PBM, PGM y PNM. La vulnerabilidad reside en que pstopnm lanza Ghostscript de una manera insegura.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto o local ejecutar código arbitrario mediante archivos Postscript especialmente diseñados que la víctima debe intentar convertir mediante pstopnm.

Solution



Actualización de software

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.dsc
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.diff.gz
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_alpha.deb
ARM
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mipsel.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_sparc.deb

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.dsc
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.diff.gz
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_alpha.deb


http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_alpha.deb

http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_amd64.deb
ARM
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_m68k.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_powerpc.deb

IBM S/390
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_sparc.deb

Standar resources

Property Value
CVE CVE-2005-2471
BID 14379

Other resources

Debian Security Advisory DSA 1021-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00102.html

Version history

Version Comments Date
1.0 Aviso emitido 2006-03-29
Ministerio de Defensa
Presidencia española. Consejo de la Unión Europea
CNI
CCN
CCN-CERT