1. CVE-Search
  2. CVE-2003-0924
ID CVE-2003-0924
Summary netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
References
Vulnerable Configurations
  • cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*
    cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-04-25T19:52:42.229-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
    family unix
    id oval:org.mitre.oval:def:804
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat netpbm File Overwrite Vulnerability
    version 38
  • accepted 2007-04-25T19:52:49.762-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
    family unix
    id oval:org.mitre.oval:def:810
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Enterprise 3 netpbm File Overwrite Vulnerability
    version 38
redhat via4
advisories
  • rhsa
    id RHSA-2004:030
  • rhsa
    id RHSA-2004:031
rpms
  • netpbm-0:9.24-11.30.1
  • netpbm-debuginfo-0:9.24-11.30.1
  • netpbm-devel-0:9.24-11.30.1
  • netpbm-progs-0:9.24-11.30.1
refmap via4
bid 9442
cert-vn VU#487102
debian DSA-426
gentoo GLSA-200410-02
mandrake MDKSA-2004:011
sgi 20040201-01-U
xf netpbm-temp-insecure-file(14874)
Last major update 10-10-2017 - 01:30
Published 17-02-2004 - 05:00
Last modified 10-10-2017 - 01:30
Back to Top