Abrir sesión
logo

DEFENSA FRONTE ÁS CIBERAMEAZAS

barra-separadora

Soporte de vulnerabilidades

Servicio de soporte de vulnerabilidadesAnálisis, notificación y seguimiento de aquellas vulnerabilidades más críticas, que impactan especialmente en las tecnologías empleadas en el sector público. El CCN-CERT trabajará en la recopilación y clasificación de las nuevas vulnerabilidades, realizando un análisis teórico y en laboratorio, cuando sea posible, de aquellas que por su criticidad lo requieran.

Se generarán documentos informativos o “abstracts” de dichas vulnerabilidades y se llevará a cabo un seguimiento de la evolución de la vulnerabilidad en Internet, alertando a los organismos ante cambios en la criticidad, aparición de parches, nuevas recomendaciones, constancia de explotaciones activas, etc.

Para inscribirse en este servicio o recibir más información, escribir al correo electrónico: soporte_acreditacion@ccn.cni.es

Abstracts:


Vulnerability Bulletins


Vulnerabilidad en paquete netpbm-free

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto con cuenta

System information

Property Value
Affected manufacturer GNU/Linux
Affected software NetPBM

Description

Se ha descubierto una vulnerabilidad en el paquete netpbm. Esta aplicación es una herramienta para conversión de graficos , formada por un gran número de programas de propósito simple. Algunos de estos programas crean ficheros temporales de forma insegura , lo que permitiría que un atacante local sobreescriba ficheros con privilegios del usuarios que invocó a la herramienta netpbm.

Solution



Actualizacion de Software

Debian GNU/Linux 3.0 (woody)
Source:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb

Linux RedHat 9:
i386:
ftp://updates.redhat.com/9/en/os/i386/netpbm-9.24-10.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/netpbm-devel-9.24-10.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/netpbm-progs-9.24-10.90.1.i386.rpm
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/netpbm-9.24-10.90.1.src.rpm

Mandrake Linux

Mandrakelinux 9.2
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm

Multi Network Firewall 8.2
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm

Corporate Server 2.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm

Standar resources

Property Value
CVE CAN-2003-0924
BID NULL

Other resources

Debian Security Advisory DSA-426-1
http://www.debian.org/security/2004/dsa-426

RedHat Security Advisory RHSA-2004:030-01
https://rhn.redhat.com/errata/RHSA-2004-030.html

MandrakeSoft Security Advisory MDKSA-2004:011
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011

MandrakeSoft Security Advisory MDKSA-2004:011-1
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011-1

Version history

Version Comments Date
1.0 Aviso emitido 2004-01-20
1.1 Aviso actualizado por Mandrake (MDKSA-2004:011-1) 2004-09-28
Volver

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración