Summary
The remote host is missing updates announced in
advisory GLSA 200410-02.
Solution
All Netpbm users should upgrade to an unaffected version:
# emerge sync
# emerge -pv '>=media-libs/netpbm-10.0'
# emerge '>=media-libs/netpbm-10.0'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200410-02 http://bugs.gentoo.org/show_bug.cgi?id=65647
http://www.kb.cert.org/vuls/id/487102
Insight
Utilities included in old Netpbm versions are vulnerable to multiple temporary files issues, potentially allowing a local attacker to overwrite files with the rights of the user running the utility.
Severity
Classification
-
CVE CVE-2003-0924 -
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities