CVE-2005-2978
CVSS 7.5
Published: 2005-10-18 18:02:00
Revised: 2011-03-07 21:25:23

[Original] pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.


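[CNNVD] NetPBM PNMToPNG buffer overflow vulnerability (CNNVD-200510-136)

        NetPBM is a software package for image format conversion and simple editing.
        pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.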

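- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]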

- CPE (affected platforms and products)

cpe:/a:netpbm:netpbm:10.10
cpe:/a:netpbm:netpbm:10.23
cpe:/a:netpbm:netpbm:10.12
cpe:/a:netpbm:netpbm:10.11
cpe:/a:netpbm:netpbm:10.15
cpe:/a:netpbm:netpbm:10.2
cpe:/a:netpbm:netpbm:10.4
cpe:/a:netpbm:netpbm:10.22
cpe:/a:netpbm:netpbm:10.3
cpe:/a:netpbm:netpbm:10.9
cpe:/a:netpbm:netpbm:10.13
cpe:/a:netpbm:netpbm:10.20
cpe:/a:netpbm:netpbm:10.17
cpe:/a:netpbm:netpbm:10.0
cpe:/a:netpbm:netpbm:10.21
cpe:/a:netpbm:netpbm:10.1
cpe:/a:netpbm:netpbm:10.18
cpe:/a:netpbm:netpbm:10.16
cpe:/a:netpbm:netpbm:10.6
cpe:/a:netpbm:netpbm:10.7
cpe:/a:netpbm:netpbm:10.8
cpe:/a:netpbm:netpbm:10.19
cpe:/a:netpbm:netpbm:10.5
cpe:/a:netpbm:netpbm:10.24
cpe:/a:netpbm:netpbm:10.14

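- OVAL (technical details for detection)

oval:org.mitre.oval:def:10135
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (...
*The OVAL definition describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definition.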

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2978
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2978
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-136
(Official data source) CNNVD

- Other links and resources

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278
(VENDOR_ADVISORY)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278
http://www.vupen.com/english/advisories/2005/2133
(UNKNOWN)  VUPEN  ADV-2005-2133
http://www.redhat.com/support/errata/RHSA-2005-793.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:793
http://www.ubuntulinux.org/support/documentation/usn/usn-210-1
(UNKNOWN)  UBUNTU  USN-210-1
http://www.securityfocus.com/bid/15128
(UNKNOWN)  BID  15128
http://www.novell.com/linux/security/advisories/2005_24_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:024
http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml
(UNKNOWN)  GENTOO  GLSA-200510-18
http://www.debian.org/security/2005/dsa-878
(UNKNOWN)  DEBIAN  DSA-878
http://securitytracker.com/id?1015071
(UNKNOWN)  SECTRACK  1015071
http://secunia.com/advisories/17357
(UNKNOWN)  SECUNIA  17357
http://secunia.com/advisories/17282
(UNKNOWN)  SECUNIA  17282
http://secunia.com/advisories/17265
(UNKNOWN)  SECUNIA  17265
http://secunia.com/advisories/17256
(UNKNOWN)  SECUNIA  17256
http://secunia.com/advisories/17222
(UNKNOWN)  SECUNIA  17222
http://secunia.com/advisories/17221
(UNKNOWN)  SECUNIA  17221

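- Vulnerability information

NetPBM PNMToPNG buffer overflow vulnerability
High risk  Boundary condition error
2005-10-18 00:00:00 2005-10-20 00:00:00
Remote
        NetPBM is a software package for image format conversion and simple editing.
        pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

- Advisories and patches

        No data available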

- Vulnerability information (F41072)

Debian Linux Security Advisory 878-1 (PacketStormID:F41072)
2005-10-30 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary,local
linux,debian
CVE-2005-2978

Debian Security Advisory DSA 878-1 - A buffer overflow has been identified in the pnmtopng component of the netpbm package, a set of graphics conversion tools. This vulnerability could allow an attacker to execute arbitrary code as a local user by providing a specially crafted PNM file.

--------------------------------------------------------------------------
Debian Security Advisory DSA 878-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 28th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : netpbm-free
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-2978

A buffer overflow has been identified in the pnmtopng component of the
netpbm package, a set of graphics conversion tools.  This
vulnerability could allow an attacker to execute arbitrary code as a
local user by providing a specially crafted PNM file.

The old stable distribution (woody) is not vulnerable to this problem.

For the stable distribution (sarge) this problem has been fixed in
version 10.0-8sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 10.0-10.

We recommend that you upgrade your netpbm-free packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information (F40910)

Gentoo Linux Security Advisory 200510-18 (PacketStormID:F40910)
2005-10-26 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,redhat,gentoo
CVE-2005-2978

Gentoo Linux Security Advisory GLSA 200510-18 - RedHat reported that pnmtopng is vulnerable to a buffer overflow. Versions less than 10.29 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Netpbm: Buffer overflow in pnmtopng
      Date: October 20, 2005
      Bugs: #109705
        ID: 200510-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The pnmtopng utility, part of the Netpbm tools, contains a
vulnerability which can potentially result in the execution of
arbitrary code.

Background
==========

Netpbm is a package of 220 graphics programs and a programming library,
including pnmtopng, a tool to convert PNM image files to the PNG
format.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/netpbm       < 10.29                          >= 10.29

Description
===========

RedHat reported that pnmtopng is vulnerable to a buffer overflow.

Impact
======

An attacker could craft a malicious PNM file and entice a user to run
pnmtopng on it, potentially resulting in the execution of arbitrary
code with the permissions of the user running pnmtopng.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Netpbm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/netpbm-10.29"

References
==========

  [ 1 ] CAN-2005-2978
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2978

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



- Vulnerability information

20068
Netpbm pnmtopng closestColorInPalette() Function Arbitrary Code Execution
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-09-14 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

NetPBM PNMToPNG Buffer Overflow Vulnerability
Boundary Condition Error 15128
Yes No
2005-10-18 12:00:00 2009-07-12 05:56:00
The original discoverer of this issue is currently unknown. It was disclosed in an Ubuntu advisory.

- Affected software versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Netpbm Netpbm 10.29
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
Netpbm Netpbm 10.27
Netpbm Netpbm 10.26
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
Netpbm Netpbm 10.25
Netpbm Netpbm 10.14
Netpbm Netpbm 10.13
Netpbm Netpbm 10.12
Netpbm Netpbm 10.11
Netpbm Netpbm 10.10
Netpbm Netpbm 10.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0

- Vulnerability discussion

pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-trans' command line option is utilized.

This issue allows attackers to create malicious PNM files, that when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.

This vulnerability was reported in version 10.0 of NetPBM. Other versions may also be affected.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Ubuntu has released advisory USN-210-1, along with fixes to address this issue. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2005:793-6, along with fixes to address this issue in RedHat Enterprise Linux 4 operating systems. Please see the referenced advisories for further information.

Gentoo has released advisory GLSA 200510-18 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/netpbm-10.29"

SUSE Linux has released security advisory SUSE-SR:2005:024 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Mandriva has released advisory MDKSA-2005:199 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Debian has released advisory DSA 878-1 and fixes to address this issue. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Conectiva Linux 10.0

Netpbm Netpbm 10.10

SGI ProPack 3.0 SP6

- Related references

 

 
