Vulnerabilities > CVE-2003-0924 - Unspecified vulnerability in Netpbm

047910
CVSS v2 base score 3.7 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
netpbm
nessus

Summary

netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Netpbm
1

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-426.NASL
    description: netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15263
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15263
    title: Debian DSA-426-1 : netpbm-free - insecure temporary files
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-426. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner sets `description`, the plugin only
    # declares its metadata (IDs, references, text, CVSS, dependencies) and
    # leaves through the exit(0) that closes this block, so none of the package
    # checks further down run in this mode.
    if (description)
    {
      script_id(15263);
      script_version("1.25");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      # Identifiers this finding maps to: the CVE, the Bugtraq ID, and the CERT
      # and Debian advisory (DSA) cross-references.
      script_cve_id("CVE-2003-0924");
      script_bugtraq_id(9442);
      script_xref(name:"CERT", value:"487102");
      script_xref(name:"DSA", value:"426");
    
      # The summary states the detection method: the result comes from dpkg
      # package data, not from exercising the vulnerable tools.
      script_name(english:"Debian DSA-426-1 : netpbm-free - insecure temporary files");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Risk as described by the advisory: insecure temporary-file creation lets
      # a local attacker overwrite files with the privileges of whoever runs a
      # vulnerable netpbm tool.
      script_set_attribute(
        attribute:"description", 
        value:
    "netpbm is a graphics conversion toolkit made up of a large number of
    single-purpose programs. Many of these programs were found to create
    temporary files in an insecure manner, which could allow a local
    attacker to overwrite files with the privileges of the user invoking a
    vulnerable netpbm tool."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-426"
      );
      # Remediation text; the fixed version is quoted with the Debian epoch
      # prefix "2:".
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the current stable distribution (woody) these problems have been
    fixed in version 2:9.20-8.4.
    
    We recommend that you update your netpbm-free package."
      );
      # CVSS v2 base vector: local access (AV:L), high access complexity (AC:H),
      # no authentication (Au:N), partial impact on confidentiality, integrity
      # and availability. Temporal vector: unproven exploit (E:U), official fix
      # (RL:OF), confirmed report (RC:C), matching the two exploit attributes
      # that follow.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin and scoped by CPE to netpbm-free on
      # Debian 3.0.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:netpbm-free");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      # Patch and vulnerability publication share the date 2004/01/18; the
      # plugin itself was published on 2004/09/29.
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and names the three KB keys
      # the check reads later.
      # NOTE(review): presumably that dependency fills in the Debian release and
      # the dpkg -l listing from an authenticated login; confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, evaluated in order: local checks enabled, a Debian release
    # recorded, and a dpkg -l listing present in the KB. A missing key hands
    # control to audit() with the matching AUDIT_* code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Count how many of the three Debian 3.0 packages deb_check() flags against
    # the fixed version. The result is derived from package versions only.
    # NOTE(review): the solution text of this plugin quotes the fix as
    # "2:9.20-8.4" (epoch 2) while the reference passed here carries no epoch;
    # confirm how deb_check() treats epochs, otherwise hosts may be
    # misclassified.
    flag = 0;
    foreach netpbm_pkg (make_list("libnetpbm9", "libnetpbm9-dev", "netpbm"))
    {
      if (deb_check(release:"3.0", prefix:netpbm_pkg, reference:"9.20-8.4")) flag++;
    }
    
    if (flag)
    {
      # At least one package was flagged: report at note level, attaching the
      # deb_report_get() output when report verbosity is above zero.
      if (report_verbosity > 0)
        security_note(port:0, extra:deb_report_get());
      else
        security_note(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-031.NASL
    description: Updated NetPBM packages are available that fix a number of temporary file vulnerabilities in the netpbm libraries. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. A number of temporary file bugs have been found in versions of NetPBM. These could make it possible for a local user to overwrite or create files as a different user who happens to run one of the vulnerable utilities. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0924 to this issue. Users are advised to upgrade to the erratum packages, which contain patches from Debian that correct these bugs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12454
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12454
    title: RHEL 2.1 / 3 : netpbm (RHSA-2004:031)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200410-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200410-02 (Netpbm: Multiple temporary file issues) Utilities contained in the Netpbm package prior to the 9.25 version contain defects in temporary file handling. They create temporary files with predictable names without checking first that the target file doesn… [description truncated in the source listing]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15418
    published: 2004-10-04
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15418
    title: GLSA-200410-02 : Netpbm: Multiple temporary file issues
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-011.NASL
    description: A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user to overwrite or create files as a different user who happens to run one of the vulnerable utilities. Update: The patch applied made some calls to the mktemp utility with an incorrect parameter, which prevented mktemp from creating temporary files in some scripts.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14111
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14111
    title: Mandrake Linux Security Advisory : netpbm (MDKSA-2004:011-1)

Oval

  • accepted: 2007-04-25T19:52:42.229-04:00
    class: vulnerability
    contributors:
    • name: Jay Beale
      organization: Bastille Linux
    • name: Matt Busby
      organization: The MITRE Corporation
    • name: Thomas R. Jones
      organization: Maitreya Security
    description: netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
    family: unix
    id: oval:org.mitre.oval:def:804
    status: accepted
    submitted: 2004-03-20T12:00:00.000-04:00
    title: Red Hat netpbm File Overwrite Vulnerability
    version: 38
  • accepted: 2007-04-25T19:52:49.762-04:00
    class: vulnerability
    contributors:
    • name: Jay Beale
      organization: Bastille Linux
    • name: Matt Busby
      organization: The MITRE Corporation
    • name: Thomas R. Jones
      organization: Maitreya Security
    description: netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
    family: unix
    id: oval:org.mitre.oval:def:810
    status: accepted
    submitted: 2004-03-20T12:00:00.000-04:00
    title: Red Hat Enterprise 3 netpbm File Overwrite Vulnerability
    version: 38

Redhat

advisories
  • rhsa
    id: RHSA-2004:030
  • rhsa
    id: RHSA-2004:031
rpms
  • netpbm-0:9.24-11.30.1
  • netpbm-debuginfo-0:9.24-11.30.1
  • netpbm-devel-0:9.24-11.30.1
  • netpbm-progs-0:9.24-11.30.1