RHEL 2.1 : netpbm (RHSA-2003:061)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated NetPBM packages are available that fix a number of
vulnerabilities in the netpbm libraries.

The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

During an audit of the NetPBM library, Al Viro, Alan Cox, and
Sebastian Krahmer found a number of bugs that are potentially
exploitable. An attacker could exploit these bugs with a carefully
crafted image that causes arbitrary code to execute when the image is
processed by either an application from the netpbm-progs package or an
application that uses the vulnerable netpbm library.

One way that an attacker could exploit these vulnerabilities would be
to submit a carefully crafted image to be printed, as the LPRng print
spooler used by default in Red Hat Linux Advanced Products releases
uses netpbm utilities to parse various types of image files.

Users are advised to upgrade to the updated packages, which contain
patches that correct these vulnerabilities.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0146.html
http://rhn.redhat.com/errata/RHSA-2003-061.html

Solution :

Update the affected netpbm, netpbm-devel and / or netpbm-progs
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12367

Bugtraq ID:

CVE ID: CVE-2003-0146