Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-041.NASL
HistoryFeb 18, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)

2007-02-1800:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
20
JSON

Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and ImageMagick allows user-assisted attackers to cause a denial of service and possibly execute execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

This is related to an earlier fix for CVE-2006-5456 that did not fully correct the issue.

Updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:041. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24654);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-0770");
  script_bugtraq_id(20707);
  script_xref(name:"MDKSA", value:"2007:041");

  script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and
ImageMagick allows user-assisted attackers to cause a denial of
service and possibly execute execute arbitrary code via a PALM image
that is not properly handled by the ReadPALMImage function in
coders/palm.c.

This is related to an earlier fix for CVE-2006-5456 that did not fully
correct the issue.

Updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick10.4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick10.4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick10.4.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Image-Magick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-doc-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"perl-Image-Magick-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2007.0", reference:"ImageMagick-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"ImageMagick-doc-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libMagick10.4.0-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"perl-Image-Magick-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuximagemagickp-cpe:/a:mandriva:linux:imagemagick
mandrivalinuximagemagick-docp-cpe:/a:mandriva:linux:imagemagick-doc
mandrivalinuxlib64magick10.4.0p-cpe:/a:mandriva:linux:lib64magick10.4.0
mandrivalinuxlib64magick10.4.0-develp-cpe:/a:mandriva:linux:lib64magick10.4.0-devel
mandrivalinuxlib64magick8.4.2p-cpe:/a:mandriva:linux:lib64magick8.4.2
mandrivalinuxlib64magick8.4.2-develp-cpe:/a:mandriva:linux:lib64magick8.4.2-devel
mandrivalinuxlibmagick10.4.0p-cpe:/a:mandriva:linux:libmagick10.4.0
mandrivalinuxlibmagick10.4.0-develp-cpe:/a:mandriva:linux:libmagick10.4.0-devel
mandrivalinuxlibmagick8.4.2p-cpe:/a:mandriva:linux:libmagick8.4.2
mandrivalinuxlibmagick8.4.2-develp-cpe:/a:mandriva:linux:libmagick8.4.2-devel
Rows per page:
1-10 of 131

Related

openvas 19
nessus 19
debiancve 3
ubuntucve 3
redhatcve 1
debian 2
securityvulns 4
ubuntu 2
cve 3
prion 2
suse 1
osv 2
gentoo 2
slackware 1
centos 2
oraclelinux 1
redhat 1
fedora 2
openvas
openvas
Ubuntu Update for imagemagick vulnerabilities USN-422-1
2009-03-23 00:00:00
Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)
2009-04-09 00:00:00
Debian Security Advisory DSA 1260-1 (imagemagick)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-1260-1 : imagemagick - buffer overflow
2007-02-15 00:00:00
Ubuntu 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerabilities (USN-422-1)
2007-11-10 00:00:00
openSUSE 10 Security Update : ImageMagick (ImageMagick-2585)
2007-10-17 00:00:00
debiancve
debiancve
CVE-2007-0770
2007-02-12 20:28:00
CVE-2006-5456
2006-10-23 17:07:00
CVE-2008-6070
2009-02-10 06:59:00
ubuntucve
ubuntucve
CVE-2007-0770
2007-02-12 00:00:00
CVE-2006-5456
2006-10-23 00:00:00
CVE-2008-6070
2009-02-10 00:00:00
redhatcve
redhatcve
CVE-2007-0770
2015-10-30 10:18:28
debian
debian
[SECURITY] [DSA 1260-1] New imagemagick package fix arbitrary code execution
2007-02-14 00:00:00
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities
2006-11-19 00:00:00
securityvulns
securityvulns
ImageMagick buffer overflow
2007-02-11 00:00:00
[ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability
2007-02-11 00:00:00
[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows
2006-11-14 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2007-02-15 00:00:00
imagemagick vulnerability
2006-11-01 00:00:00
cve
cve
CVE-2007-0770
2007-02-12 20:28:00
CVE-2006-5456
2006-10-23 17:07:00
CVE-2008-6070
2009-02-10 06:59:00
prion
prion
Buffer overflow
2007-02-12 20:28:00
Heap overflow
2009-02-10 06:59:00
suse
suse
remote denial of service in ImageMagick
2006-11-14 12:50:06
osv
osv
imagemagick
2007-02-14 00:00:00
imagemagick
2006-11-19 00:00:00
gentoo
gentoo
ImageMagick: PALM and DCM buffer overflows
2006-11-24 00:00:00
GraphicsMagick: PALM and DCM buffer overflows
2006-11-13 00:00:00
slackware
slackware
[slackware-security] imagemagick
2007-03-08 02:37:38
centos
centos
ImageMagick security update
2007-02-15 20:32:09
ImageMagick security update
2007-02-18 23:20:12
oraclelinux
oraclelinux
Moderate: ImageMagick security update
2007-02-15 00:00:00
redhat
redhat
(RHSA-2007:0015) Moderate: ImageMagick security update
2007-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: ImageMagick-6.2.5.4-4.2.1.fc5.8
2007-04-17 12:53:26
[SECURITY] Fedora 7 Update: GraphicsMagick-1.1.8-2.fc7
2007-07-30 17:04:58
JSON
Related for MANDRAKE_MDKSA-2007-041.NASL
openvas19nessus19debiancve3ubuntucve3redhatcve1debian2securityvulns4ubuntu2cve3prion2suse1osv2gentoo2slackware1centos2oraclelinux1redhat1fedora2