Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2471

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2471
Last Modified 30 Nov 2010 12:00:00
Published 05 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2471

Summary

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.

Vulnerable Systems

Application

  • Netpbm 2.10.0.8


References

XF - netpbm-dsafer-command-execution(21500)

TRUSTIX - 2005-0038

BID - 14379

REDHAT - RHSA-2005:743

OSVDB - 18253

SUSE - SUSE-SR:2005:019

DEBIAN - DSA-1021

SECTRACK - 1014752

SECUNIA - 19436

SECUNIA - 18330

SECUNIA - 16184

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757


Last Updated: 27 May 2016 10:40:32