Vulnerability Bulletins |
Vulnerabilidad en paquete netpbm-free |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | NetPBM |
Description |
|
| Se ha descubierto una vulnerabilidad en el paquete netpbm. Esta aplicación es una herramienta para conversión de graficos , formada por un gran número de programas de propósito simple. Algunos de estos programas crean ficheros temporales de forma insegura , lo que permitiría que un atacante local sobreescriba ficheros con privilegios del usuarios que invocó a la herramienta netpbm. | |
Solution |
|
|
Actualizacion de Software Debian GNU/Linux 3.0 (woody) Source: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb ARM: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb HPPA: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb Little endian MIPS: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb Linux RedHat 9: i386: ftp://updates.redhat.com/9/en/os/i386/netpbm-9.24-10.90.1.i386.rpm ftp://updates.redhat.com/9/en/os/i386/netpbm-devel-9.24-10.90.1.i386.rpm ftp://updates.redhat.com/9/en/os/i386/netpbm-progs-9.24-10.90.1.i386.rpm SRPMS: ftp://updates.redhat.com/9/en/os/SRPMS/netpbm-9.24-10.90.1.src.rpm Mandrake Linux Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm Multi Network Firewall 8.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2003-0924 |
| BID | |
Other resources |
|
|
Debian Security Advisory DSA-426-1 http://www.debian.org/security/2004/dsa-426 RedHat Security Advisory RHSA-2004:030-01 https://rhn.redhat.com/errata/RHSA-2004-030.html MandrakeSoft Security Advisory MDKSA-2004:011 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011 MandrakeSoft Security Advisory MDKSA-2004:011-1 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011-1 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-01-20 |
| 1.1 | Aviso actualizado por Mandrake (MDKSA-2004:011-1) | 2004-09-28 |