Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:137-1)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The XPM library which is part of the XFree86/XOrg project is used by
several GUI applications to process XPM image files.

A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team, revealed several different kinds of bugs. These
bugs include integer overflows, out-of-bounds memory access, shell
command execution, path traversal, and endless loops.

These bugs can be exploited by remote and/or local attackers to gain
access to the system or to escalate their local privileges, by using a
specially crafted XPM image.

Update :

The previous libxpm4 update had a linking error that resulted in a
missing s_popen symbol error when running applications dependent on
the library. In addition, the file path checking in the security
updates prevented some applications, like gimp-2.0, from being able to
save XPM format images.

Updated packages are patched to correct all these issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15793 (mandrake_MDKSA-2004-137.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0914
