|
|
Log in / Subscribe / Register

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 netpbm 2004-12-29
Gentoo 200410-02 netpbm 2004-10-04
Mandrake MDKSA-2004:011-1 netpbm 2004-09-27
Whitebox WBSA-2004:031-01 NetPBM 2004-02-12
Mandrake MDKSA-2004:011 netpbm 2004-02-11
Red Hat RHSA-2004:030-01 netpbm 2004-02-05
Fedora FEDORA-2004-068 netpbm 2004-02-06
Red Hat RHSA-2004:031-01 symlink 2004-01-22
Debian DSA-426-1 netpbm-free 2004-01-18
to post comments

netpbm: insecure temporary files

Posted Feb 12, 2004 6:01 UTC (Thu) by mattdm (subscriber, #18) [Link]

Note that the red hat update for netpbm requires a newer version of mktemp than is in RHL 9. You'll want to build and install the one from Fedora Core 1 or somewhere, or wait until they update the update.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds