English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-19
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 07 Feb 2005
 Last revised: 07 Feb 2005

 Package: netpbm

 Summary: Symlink attack in netpbm may allow arbitrary file overwriting

 More information:
    The netpbm package contains a library of functions which support programs
    for handling various graphics file formats.

    A vulnerability in the manner in which netpbm handles temporary files
    could allow local users to overwrite arbitrary files via a symlink attack.

 Impact:
    This vulerability could allow attackers to overwrite arbitrary files
    via a symbolic link attack.

 Affected Products:
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update netpbm netpbm-devel netpbm-progs
 ---------------------------------------------

 <Turbolinux 8 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netpbm-9.25-3.src.rpm
      2065779 d09e323fd80d75f155ccd08f28702f6e

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-9.25-3.i586.rpm
        98115 83309ca9209bdea0cf5a32e92980075b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
       114415 65f426ba58c638d3b8eedfca5df43909
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
      1150412 3e39bc0b01c94b0263dd8ba23dbed0aa

 <Turbolinux 8 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netpbm-9.25-3.src.rpm
      2065779 e3e9752805ac8b9fad72f164de75886e

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-9.25-3.i586.rpm
        98171 6f92aebe81941383c6226c1504fbccc9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
       114479 988291608ed6aeae3e15457d3a3a84ee
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
      1149972 6089152aca6eb219dbc190ec24889529

 <Turbolinux 7 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netpbm-9.14-2.src.rpm
      2099125 e055878b9d5f6de0512b1ea7bdb2ef9d

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-9.14-2.i586.rpm
        82255 46dd4127b57532ef0ef848e1f79d05ac
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
       104175 5de813b7c6c018dae8aadf23ecbb4bb9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
      1058389 febc163587b87fb597cc3ece59b60af2

 <Turbolinux 7 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netpbm-9.14-2.src.rpm
      2099125 50b5b0ae40301739b06a50c287a19b09

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-9.14-2.i586.rpm
        82263 a2b1ca87c21f79fd345f480c577cef9e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
       104255 f77a4e19f384961233710e95aa2c472c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
      1058246 542389d46332d97e4b493bb953578777

 References:

 CVE
   [CAN-2003-0924]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

 --------------------------------------------------------------------------
 Revision History
    07 Feb 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCB0gtK0LzjOqIJMwRApwqAKCOo2NmIGja14oxU8P9QluEVin10ACfYveB
7Z/eLcvU3NWTz9XpwVjuwa0=
=GPmx
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.