English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-19
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 07 Feb 2005
 Last revised: 07 Feb 2005

 Package: netpbm

 Summary: Symlink attack in netpbm may allow arbitrary file overwriting

 More information:
    The netpbm package contains a library of functions which support programs
    for handling various graphics file formats.

    A vulnerability in the manner in which netpbm handles temporary files
    could allow local users to overwrite arbitrary files via a symlink attack.

 Impact:
    This vulerability could allow attackers to overwrite arbitrary files
    via a symbolic link attack.

 Affected Products:
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update netpbm netpbm-devel netpbm-progs
 ---------------------------------------------

 <Turbolinux 8 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netpbm-9.25-3.src.rpm
      2065779 d09e323fd80d75f155ccd08f28702f6e

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-9.25-3.i586.rpm
        98115 83309ca9209bdea0cf5a32e92980075b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
       114415 65f426ba58c638d3b8eedfca5df43909
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
      1150412 3e39bc0b01c94b0263dd8ba23dbed0aa

 <Turbolinux 8 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netpbm-9.25-3.src.rpm
      2065779 e3e9752805ac8b9fad72f164de75886e

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-9.25-3.i586.rpm
        98171 6f92aebe81941383c6226c1504fbccc9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
       114479 988291608ed6aeae3e15457d3a3a84ee
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
      1149972 6089152aca6eb219dbc190ec24889529

 <Turbolinux 7 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netpbm-9.14-2.src.rpm
      2099125 e055878b9d5f6de0512b1ea7bdb2ef9d

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-9.14-2.i586.rpm
        82255 46dd4127b57532ef0ef848e1f79d05ac
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
       104175 5de813b7c6c018dae8aadf23ecbb4bb9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
      1058389 febc163587b87fb597cc3ece59b60af2

 <Turbolinux 7 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netpbm-9.14-2.src.rpm
      2099125 50b5b0ae40301739b06a50c287a19b09

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-9.14-2.i586.rpm
        82263 a2b1ca87c21f79fd345f480c577cef9e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
       104255 f77a4e19f384961233710e95aa2c472c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
      1058246 542389d46332d97e4b493bb953578777

 References:

 CVE
   [CAN-2003-0924]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

 --------------------------------------------------------------------------
 Revision History
    07 Feb 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCB0gtK0LzjOqIJMwRApwqAKCOo2NmIGja14oxU8P9QluEVin10ACfYveB
7Z/eLcvU3NWTz9XpwVjuwa0=
=GPmx
-----END PGP SIGNATURE-----



© 1998-2025 E-Soft Inc. All rights reserved.