Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2462.NASL
HistoryApr 30, 2012 - 12:00 a.m.

Debian DSA-2462-2 : imagemagick - several vulnerabilities

2012-04-3000:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2462. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58908);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1185", "CVE-2012-1186", "CVE-2012-1610", "CVE-2012-1798");
  script_bugtraq_id(51957, 52898);
  script_xref(name:"DSA", value:"2462");

  script_name(english:"Debian DSA-2462-2 : imagemagick - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several integer overflows and missing input validations were
discovered in the ImageMagick image manipulation suite, resulting in
the execution of arbitrary code or denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/imagemagick"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2462"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the imagemagick packages.

For the stable distribution (squeeze), this problem has been fixed in
version 6.6.0.4-3+squeeze3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"imagemagick", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"imagemagick-dbg", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"imagemagick-doc", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagick++-dev", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagick++3", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagickcore-dev", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagickcore3", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagickcore3-extra", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagickwand-dev", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libmagickwand3", reference:"6.6.0.4-3+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"perlmagick", reference:"6.6.0.4-3+squeeze3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuximagemagickp-cpe:/a:debian:debian_linux:imagemagick
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

debian 2
securityvulns 4
openvas 37
nessus 23
oraclelinux 2
ubuntu 2
freebsd 1
prion 6
ubuntucve 8
redhatcve 1
debiancve 6
cve 6
amazon 1
redhat 2
centos 2
seebug 1
gentoo 1
fedora 2
debian
debian
[SECURITY] [DSA 2462-2] imagemagick regression update
2012-05-03 21:53:43
[SECURITY] [DSA 2462-1] imagemagick security update
2012-04-29 12:01:38
securityvulns
securityvulns
[SECURITY] [DSA 2462-1] imagemagick security update
2012-05-01 00:00:00
Imagemagic multiple security vulnerabilities
2012-05-01 00:00:00
Imagemagic security vulnerabilities
2014-03-31 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2462-1)
2013-09-18 00:00:00
Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
2013-09-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0763-1)
2021-06-09 00:00:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : imagemagick (multiple_vulnerabilities_in_imagemagick2)
2015-01-19 00:00:00
SuSE 11.1 Security Update : ImageMagick (SAT Patch Number 6226)
2013-01-25 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-SU-2012:0692-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2012-05-07 00:00:00
ImageMagick security update
2012-05-07 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2012-05-01 00:00:00
ImageMagick vulnerabilities
2014-03-06 00:00:00
freebsd
freebsd
ImageMagick -- multiple vulnerabilities
2012-03-28 00:00:00
prion
prion
Integer overflow
2012-06-05 22:55:00
Out-of-bounds
2012-06-05 22:55:00
Code injection
2012-06-05 22:55:00
ubuntucve
ubuntucve
CVE-2012-1610
2012-04-03 00:00:00
CVE-2012-0260
2012-06-05 00:00:00
CVE-2012-1798
2012-03-29 00:00:00
redhatcve
redhatcve
CVE-2012-1610
2015-10-30 10:10:00
debiancve
debiancve
CVE-2012-1610
2012-06-05 22:55:00
CVE-2012-0259
2012-06-05 22:55:00
CVE-2012-0260
2012-06-05 22:55:00
cve
cve
CVE-2012-1610
2012-06-05 22:55:00
CVE-2012-0259
2012-06-05 22:55:00
CVE-2012-0260
2012-06-05 22:55:00
amazon
amazon
Medium: ImageMagick
2012-05-08 23:14:00
redhat
redhat
(RHSA-2012:0544) Moderate: ImageMagick security update
2012-05-07 00:00:00
(RHSA-2012:0545) Moderate: ImageMagick security and bug fix update
2012-05-07 00:00:00
centos
centos
ImageMagick security update
2012-05-07 22:49:25
ImageMagick security update
2012-05-07 21:07:07
seebug
seebug
ImageMagick 拒绝服务漏洞(CVE-2012-0259)
2012-04-07 00:00:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2014-05-17 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: ImageMagick-6.7.0.10-5.fc16
2012-06-22 08:36:13
[SECURITY] Fedora 16 Update: ImageMagick-6.7.0.10-6.fc16
2012-08-27 22:59:31
JSON
Related for DEBIAN_DSA-2462.NASL
debian2securityvulns4openvas37nessus23oraclelinux2ubuntu2freebsd1prion6ubuntucve8redhatcve1debiancve6cve6amazon1redhat2centos2seebug1gentoo1fedora2