
Vulnerability of netpbm: several overflows in pnmtopng

Summary of the vulnerability

When pnmtopng is run on a malicious PNM file, code can be executed with the rights of the user who runs it.
Vulnerable software: Debian, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity of this announcement: 2/4.
Creation date: 01/12/2005.
References for this vulnerability: 20060101-01-U, BID-15514, CERTA-2005-AVI-466, CVE-2005-3632, DSA-904-1, MDKSA-2005:217, RHSA-2005:843, RHSA-2005:843-01, SUSE-SR:2005:028, VIGILANCE-VUL-5383.

Description of the vulnerability

The Netpbm graphics utility suite converts images to and from the PNM family of formats (PBM, PGM and PPM).

The pnmtopng tool converts a PNM image to PNG. It contains several overflows; their technical details have not been published.

These vulnerabilities allow an attacker to execute code on the computer, with the rights of the user who opens a malicious PNM file with pnmtopng. Note that no interactive user is needed: any pipeline that runs pnmtopng automatically on untrusted images (an upload thumbnailer, a mail gateway, a batch converter) is exposed in the same way, and the attacker then runs with the rights of the account that pipeline uses.

This vulnerability affects software or systems such as Debian, Mandriva Linux, openSUSE, RHEL and Unix (platform); the list is not exhaustive.

The Vigil@nce team rates the severity of this security alert as medium.

Trust level: confirmed by the software vendor; source: vendor document.

Exploiting this vulnerability requires expert-level skill.

Solutions for this threat

Netpbm: versions 10.26.20 and 10.30.
Upstream versions 10.26.20 and 10.30 contain the fix:
  http://sourceforge.net/project/showfiles.php?group_id=5128

Debian: new netpbm-free packages.
New packages are available:
Debian GNU/Linux 3.0 alias woody
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_i386.deb
      Size/MD5 checksum: 62566 727555759e3ee96e14afc427fd1a4ed4
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_i386.deb
      Size/MD5 checksum: 103548 e4d71b9a616d71d62fda09bda5488edd
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_i386.deb
      Size/MD5 checksum: 1078678 e308c85fd1bee7a94f7d07eb0814e607
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_ia64.deb
      Size/MD5 checksum: 96604 aa26dc77cfae42c85fc827080c3c14cc
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_ia64.deb
      Size/MD5 checksum: 170564 0f28db29582f8574fe5efec313f0381a
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_ia64.deb
      Size/MD5 checksum: 1608842 b600f6008f1bec860ace6011e2fa9c0a
Debian GNU/Linux 3.1 alias sarge
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_i386.deb
      Size/MD5 checksum: 64926 ce68c6c99dd0d6946caa158974a3a201
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_i386.deb
      Size/MD5 checksum: 110566 39d16a56f46bd49d39a6dc6fd89aa08a
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_i386.deb
      Size/MD5 checksum: 72040 e5dffe84d5d74b74d0e8acaaed1c3d55
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_i386.deb
      Size/MD5 checksum: 110738 305012924bc7390035d1d69b6c5c721d
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_i386.deb
      Size/MD5 checksum: 1178734 999eddf08e1d0c24d16f601a220c9b93
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_ia64.deb
      Size/MD5 checksum: 96466 544eb8f9ff0086c3e9d3abdec86fbec9
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_ia64.deb
      Size/MD5 checksum: 154668 80d6aebf07b4338ce1816959226c1227
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_ia64.deb
      Size/MD5 checksum: 107210 515ff376d227fa5cd1e3f314da465934
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_ia64.deb
      Size/MD5 checksum: 155020 3b539cd2d6b0fee495dcc954faedf0a1
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_ia64.deb
      Size/MD5 checksum: 1816522 cb9920b1ce0035f070db19adbc15373b

Mandriva: new netpbm packages.
New packages are available:
 Mandriva Linux 10.1:
 550eae5a55b39101687b7a0532219627 10.1/RPMS/libnetpbm9-9.24-8.2.101mdk.i586.rpm
 b3b2ea4437130703b68a5b3868eaec0b 10.1/RPMS/libnetpbm9-devel-9.24-8.2.101mdk.i586.rpm
 653e84715019165ea620d64e5969714f 10.1/RPMS/libnetpbm9-static-devel-9.24-8.2.101mdk.i586.rpm
 ac1db50f9caf2731a0dbc63e55688ef9 10.1/RPMS/netpbm-9.24-8.2.101mdk.i586.rpm
 c0b1026156fd6376adba353b4f5d0528 10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm
 Mandriva Linux 10.1/X86_64:
 a4fb05222ac3917637ae6a0773f7cdc9 x86_64/10.1/RPMS/lib64netpbm9-9.24-8.2.101mdk.x86_64.rpm
 32951fca67c13886bdb779de08f8edf3 x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.2.101mdk.x86_64.rpm
 dafac5b2622f774bc311ef6004e4fa3e x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.2.101mdk.x86_64.rpm
 6984338299c35aca2489b8dae94e9e65 x86_64/10.1/RPMS/netpbm-9.24-8.2.101mdk.x86_64.rpm
 c0b1026156fd6376adba353b4f5d0528 x86_64/10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm
 Corporate Server 2.1:
 cfeeabb6edac6d7234f6e09beb19ff36 corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.i586.rpm
 4b34fb42803f511646d0129d7fc7dd2f corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.i586.rpm
 89b46b4d6a89797916ee54a48a38a732 corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.i586.rpm
 c4af1176267c16480c3d15f24dcb5db9 corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.i586.rpm
 0bf9af1326905eb13fb3f4fb66424653 corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm
 Corporate Server 2.1/X86_64:
 27b0f5ef22581bc5c5c23bf880302c58 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.x86_64.rpm
 1743d3247a1e3de046fbf31ce37e443d x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.x86_64.rpm
 4e67e3d7940f30c3bc86cf5a2f215543 x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.x86_64.rpm
 7ab637139c9b1977923cae04dd3cc9de x86_64/corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.x86_64.rpm
 0bf9af1326905eb13fb3f4fb66424653 x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm
 Corporate 3.0:
 784b993f4e0409fe5255c3228c72ea3b corporate/3.0/RPMS/libnetpbm9-9.24-8.3.C30mdk.i586.rpm
 319272b7f74900cabd06c6fa5e0b52b2 corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.3.C30mdk.i586.rpm
 e6feb19b8b2c0ac6d522c1a73035811d corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.3.C30mdk.i586.rpm
 42406aa8e04afd173d2194b50d11ca13 corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.i586.rpm
 17a729bc07c296f77efb87301d122aa6 corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 d0f1d6da66166acfc0ce18dfd55548e1 x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.3.C30mdk.x86_64.rpm
 9e5d975423d7d00a1cfc5b1ea87c07c4 x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.3.C30mdk.x86_64.rpm
 f3f7f6ec681c2edbf29e789e1f9e1887 x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.3.C30mdk.x86_64.rpm
 5f27304b1b68639211c34e573c163b52 x86_64/corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.x86_64.rpm
 17a729bc07c296f77efb87301d122aa6 x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm

RHEL: new netpbm packages.
New packages are available:
Red Hat Enterprise Linux version 2.1: netpbm-9.24-9.AS21.6
Red Hat Enterprise Linux version 3: netpbm-9.24-11.30.4

SGI ProPack: new cups, httpd, mod_auth_pgsql, xpdf, netpbm, perl packages.
Patch 10258 contains the fix.
Individual packages are available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SUSE: new netpbm, opera, inkscape, apache2, mozilla-mail, sylpheed-claws, phpMyAdmin, gnump3d, squid, php4, php5 packages.
New packages are available via FTP or YaST.
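The following script is an added example written for this page; it is not code from the Vigil@nce bulletin or from the netpbm project. It does two things a practitioner applying the solutions above needs: it tells whether an upstream netpbm version string is at or past the fixed releases (10.26.20 and 10.30), and it verifies downloaded packages against a Size/MD5 manifest written in the same layout as the Debian and Mandriva lists above. The reading that the 10.26.x series is fixed from 10.26.20 and every other 10.x release from 10.30 is our interpretation of the two fixed versions, not a statement from the bulletin. The package file names ending in _good.deb, _tampered.deb and _missing.deb, and their contents, are constructed for the example.

```python
"""Added example: upstream version check and Size/MD5 manifest verification
for netpbm packages. Written for this page; not Vigil@nce or netpbm code."""
import hashlib
import os
import tempfile


def netpbm_is_fixed(version):
    """Return True if an upstream netpbm version string is at or past a fixed release.

    Assumption (ours, not the bulletin's): the 10.26.x series is fixed from
    10.26.20 onward, and every other 10.x release is fixed from 10.30 onward.
    Distribution packages with backported fixes are NOT covered by this check.
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    if parts[:2] == (10, 26):
        return parts >= (10, 26, 20)
    return parts >= (10, 30)


def parse_manifest(text):
    """Map package file names to (size, md5) from advisory-style lines:

        http://host/path/pkg.deb
          Size/MD5 checksum: 62566 727555759e3ee96e14afc427fd1a4ed4
    """
    entries = {}
    url = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("http://", "https://", "ftp://")):
            url = line
        elif line.startswith("Size/MD5 checksum:") and url is not None:
            size_str, md5 = line.partition(":")[2].split()
            entries[os.path.basename(url)] = (int(size_str), md5.lower())
            url = None
    return entries


def verify_file(path, expected_size, expected_md5):
    """Return (ok, reason); the size is checked before hashing the whole file."""
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        return False, f"size {actual_size} != {expected_size}"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    actual_md5 = digest.hexdigest()
    if actual_md5 != expected_md5:
        return False, f"md5 {actual_md5} != {expected_md5}"
    return True, "ok"


def verify_directory(directory, manifest_text):
    """Check every manifest entry against the files found in directory."""
    results = {}
    for name, (size, md5) in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = (False, "missing")
        else:
            results[name] = verify_file(path, size, md5)
    return results


def manifest_entry(url, data):
    """Render one advisory-style manifest entry for constructed file contents."""
    return f"    {url}\n      Size/MD5 checksum: {len(data)} {hashlib.md5(data).hexdigest()}\n"


def demo_verification():
    """Run the check on three constructed files: intact, same-size tampered, missing."""
    good = b"constructed stand-in for a fixed netpbm package\n"
    tampered = good[:-2] + b"X\n"  # same length as good, so only the MD5 catches it
    base = "http://security.debian.org/pool/updates/main/n/netpbm-free/"
    manifest = (manifest_entry(base + "netpbm_good.deb", good)
                + manifest_entry(base + "netpbm_tampered.deb", good)
                + manifest_entry(base + "netpbm_missing.deb", good))
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "netpbm_good.deb"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(workdir, "netpbm_tampered.deb"), "wb") as fh:
            fh.write(tampered)
        return verify_directory(workdir, manifest)


if __name__ == "__main__":
    for ver in ("9.24", "10.0", "10.26.19", "10.26.20", "10.29", "10.30"):
        print(f"netpbm {ver}: {'fixed' if netpbm_is_fixed(ver) else 'not fixed'}")
    for name, (ok, reason) in demo_verification().items():
        print(f"{name}: {'OK' if ok else 'FAIL'} ({reason})")
```

Two caveats. Distribution packages carry backported fixes under their own version strings (Debian's 10.0-8sarge2, Red Hat's 9.24-11.30.4 and so on), so the version check applies only to builds of the upstream tarball; for distribution packages, trust the package manager's record of the fixed release instead. The bulletin's checksums are MD5, for which practical collisions were already published in 2004; they catch download corruption and casual tampering, not a capable attacker, so where the distribution offers signed repository metadata (apt's signed Release files, rpm's GPG signatures) use that rather than the bare MD5 list.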
