Ubuntu 4.10 / 5.04 : netpbm-free vulnerability (USN-164-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Max Vozeler discovered that the the 'pstopnm' conversion tool did not
use the -dSAFER option when calling ghostscript. This option prohibits
file operations and calling commands within PostScript code. This flaw
could be exploited by an attacker to execute arbitrary code if he
tricked an user (or an automatic server) into processing a specially
crafted PostScript document with pstopnm.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20570 ()

Bugtraq ID:

CVE ID: CVE-2005-2471