Vulnerability Description
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
CVSS Score
3.7
LOW
AV:L/AC:H/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netpbm | Netpbm | <= 9.25 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- http://www.debian.org/security/2004/dsa-426PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
- http://www.kb.cert.org/vuls/id/487102Third Party AdvisoryUS Government Resource
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
- http://www.redhat.com/support/errata/RHSA-2004-030.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-031.html
- http://www.securityfocus.com/bid/9442Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14874
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- http://www.debian.org/security/2004/dsa-426PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
- http://www.kb.cert.org/vuls/id/487102Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2003-0924?
CVE-2003-0924 is a vulnerability with a CVSS score of 3.7 (LOW). netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
How severe is CVE-2003-0924?
CVE-2003-0924 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0924?
Check the references section above for vendor advisories and patch information. Affected products include: Netpbm Netpbm.