Red Hat Bugzilla – Bug 113842
CAN-2003-0924 netpbm temporary file vulnerabilities
Last modified: 2015-03-04 20:13:19 EST
A number of temporary file bugs have been found in versions of NetPBM
shipped with Red Hat Linux 9. These could allow a local attacker the
ability to overwrite or create files as a user running the netpbm
Low risk as few programs use the netpbm utilities for image conversion.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.
This "upgrade" will of course affect another error in conjunction with
PHP and Apache. When uploading a picture, netpbm programs attempt to
use the mktemp function but fail immensely after sending a parameter
not compatible with my RedHat system (9.0, kernel mod 2.40-31-9).
mktemp fails because of parameter -t (which does not exist on my
system) and uploaded pictures are damaged because of the PHP script
retrieving wrong data as netpbm fails to create the file.
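
An added example, not code from netpbm or from the erratum: one way a shell wrapper can create a private temporary file without the `-t` option the comment above reports as unsupported, and stop instead of passing damaged data on when creation fails. The function names `make_tmpfile` and `stage_through_tmp` are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of netpbm.

# make_tmpfile PREFIX [DIR]
# Prints the path of a newly created private file; returns non-zero on failure.
make_tmpfile() {
    prefix=$1
    dir=${2:-${TMPDIR:-/tmp}}
    # Pass a full-path template instead of using -t. mktemp creates the
    # file itself with an unpredictable suffix, so there is no window in
    # which another local user can pre-create or symlink the name.
    path=$(umask 077; mktemp "$dir/$prefix.XXXXXX" 2>/dev/null) || return 1
    # Fail closed: the result must be a regular file and not a symlink.
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        return 1
    fi
    printf '%s\n' "$path"
}

# stage_through_tmp PREFIX [DIR]
# Copies stdin through a temp file to stdout (a stand-in for a converter
# stage). If the temp file cannot be created, nothing is written to
# stdout and the caller receives a non-zero status.
stage_through_tmp() {
    tmp=$(make_tmpfile "$1" "$2") || {
        echo "temp file creation failed; aborting" >&2
        return 1
    }
    cat > "$tmp" && cat "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Usage with a constructed one-pixel PBM image:
#   printf 'P1\n1 1\n0\n' | stage_through_tmp netpbm-demo
```

A caller such as an upload script should check the exit status before using the output, so a failed temp file creation is reported rather than stored as a damaged picture.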