Bug 64543 (CVE-2003-0924)

Summary: VUL-0: CVE-2003-0924: netpbm: insecure tmp file handling
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Vladimir Nadvornik <nadvornik>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0924: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2004-12-30 18:44:29 UTC 
Hi, 
Connectiva released updates for an old bug. 
" 
DESCRIPTION 
 netpbm[1] are tools for manipulating graphic files in many formats. 
 
 Utilities provided by the netpbm package prior to the 9.25 version 
 contain defects[2] in temporary file handling. They create temporary 
 files with predictable names without checking if the target file 
 already exists. 
 
 
SOLUTION 
 It is recommended that all netpbm users upgrade their packages. 
 
 
 REFERENCES 
 1.http://netpbm.sourceforge.net/ 
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0924 
" 
 
CVE-2003-0924 
 
 
I did not found a hint in bugzilla if we fixed it or not.
Comment 1 Thomas Biege 2004-12-30 18:44:30 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Vladimir Nadvornik 2005-01-03 20:07:26 UTC 
We have it fixed. 

*** This bug has been marked as a duplicate of 49036 ***
Comment 3 Thomas Biege 2009-10-13 19:45:10 UTC 
CVE-2003-0924: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)