Vulnerabilities > CVE-2005-2471 - Unspecified vulnerability in Netpbm 2.10.0.8

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

netpbm

nessus

NVD

Published: 2005-08-05

Updated: 2017-10-11

Summary

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.

Vulnerable Configurations

Part	Description	Count
Application	Netpbm Netpbm Netpbm 2.10.0.8	1

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-164-1.NASL
description	Max Vozeler discovered that the the
last seen	2020-06-01
modified	2020-06-02
plugin id	20570
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20570
title	Ubuntu 4.10 / 5.04 : netpbm-free vulnerability (USN-164-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-164-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20570); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-2471"); script_bugtraq_id(14379); script_xref(name:"USN", value:"164-1"); script_name(english:"Ubuntu 4.10 / 5.04 : netpbm-free vulnerability (USN-164-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Max Vozeler discovered that the the 'pstopnm' conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm10-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm9-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:netpbm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10\|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"libnetpbm10", pkgver:"10.0-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libnetpbm10-dev", pkgver:"10.0-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libnetpbm9", pkgver:"10.0-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libnetpbm9-dev", pkgver:"10.0-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"netpbm", pkgver:"10.0-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libnetpbm10", pkgver:"10.0-8ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libnetpbm10-dev", pkgver:"10.0-8ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libnetpbm9", pkgver:"10.0-8ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libnetpbm9-dev", pkgver:"10.0-8ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"netpbm", pkgver:"10.0-8ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnetpbm10 / libnetpbm10-dev / libnetpbm9 / libnetpbm9-dev / etc"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-133.NASL
description	Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary commands with the privileges of the user running pstopnm if they could be convinced to try to convert a malicious PostScript file. The updated packages have been patched to correct this problem.
last seen	2020-06-01
modified	2020-06-02
plugin id	19892
published	2005-10-05
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19892
title	Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:133. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(19892); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-2471"); script_bugtraq_id(14379); script_xref(name:"MDKSA", value:"2005:133"); script_name(english:"Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary commands with the privileges of the user running pstopnm if they could be convinced to try to convert a malicious PostScript file. The updated packages have been patched to correct this problem." ); script_set_attribute( attribute:"see_also", value:"http://secunia.com/advisories/16184/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm10-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm10-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm9-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netpbm9-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm10-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm10-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm9-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetpbm9-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:netpbm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64netpbm9-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64netpbm9-devel-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64netpbm9-static-devel-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnetpbm9-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnetpbm9-devel-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnetpbm9-static-devel-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"netpbm-9.24-8.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64netpbm9-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64netpbm9-devel-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64netpbm9-static-devel-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnetpbm9-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnetpbm9-devel-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnetpbm9-static-devel-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"netpbm-9.24-8.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64netpbm10-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64netpbm10-devel-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64netpbm10-static-devel-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnetpbm10-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnetpbm10-devel-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnetpbm10-static-devel-10.26-2.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"netpbm-10.26-2.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-743.NASL
description	Updated netpbm packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts PostScript files into PBM, PGM or PPM files. An attacker could create a carefully crafted PostScript file in such a way that it could execute arbitrary commands when the file is processed by a victim using pstopnm. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2471 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	19488
published	2005-08-23
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19488
title	RHEL 2.1 / 3 / 4 : netpbm (RHSA-2005:743)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:743. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(19488); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-2471"); script_bugtraq_id(14379, 15128); script_xref(name:"RHSA", value:"2005:743"); script_name(english:"RHEL 2.1 / 3 / 4 : netpbm (RHSA-2005:743)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated netpbm packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts PostScript files into PBM, PGM or PPM files. An attacker could create a carefully crafted PostScript file in such a way that it could execute arbitrary commands when the file is processed by a victim using pstopnm. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2471 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2471" ); # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757 script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:743" ); script_set_attribute( attribute:"solution", value: "Update the affected netpbm, netpbm-devel and / or netpbm-progs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm-progs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/05"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1\|3\|4)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:743"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-9.24-9.AS21.4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-devel-9.24-9.AS21.4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-progs-9.24-9.AS21.4")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-9.24-11.30.2")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-devel-9.24-11.30.2")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-progs-9.24-11.30.2")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-10.25-2.EL4.1")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-devel-10.25-2.EL4.1")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-progs-10.25-2.EL4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "netpbm / netpbm-devel / netpbm-progs"); } }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1021.NASL
description	Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files.
last seen	2020-06-01
modified	2020-06-02
plugin id	22563
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22563
title	Debian DSA-1021-1 : netpbm-free - insecure program execution

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-743.NASL
description	Updated netpbm packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts PostScript files into PBM, PGM or PPM files. An attacker could create a carefully crafted PostScript file in such a way that it could execute arbitrary commands when the file is processed by a victim using pstopnm. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2471 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	21958
published	2006-07-05
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21958
title	CentOS 3 / 4 : netpbm (CESA-2005:743)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200508-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-200508-04 (Netpbm: Arbitrary code execution in pstopnm) Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM, PGM, or PNM file. Impact : An attacker could craft a malicious PostScript file and entice a user to run pstopnm on it, resulting in the execution of arbitrary commands with the permissions of the user running pstopnm. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	19388
published	2005-08-07
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19388
title	GLSA-200508-04 : Netpbm: Arbitrary code execution in pstopnm

Oval

accepted

2013-04-29T04:15:09.921-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:11645

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2005:743

rpms

netpbm-0:10.25-2.EL4.1
netpbm-0:9.24-11.30.2
netpbm-debuginfo-0:10.25-2.EL4.1
netpbm-debuginfo-0:9.24-11.30.2
netpbm-devel-0:10.25-2.EL4.1
netpbm-devel-0:9.24-11.30.2
netpbm-progs-0:10.25-2.EL4.1
netpbm-progs-0:9.24-11.30.2

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References