Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2015-105.NASL
HistoryMar 30, 2015 - 12:00 a.m.

Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)

2015-03-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

Updated imagemagick package fixes security vulnerabilities :

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030).

ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:105. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82358);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-1958", "CVE-2014-2030", "CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716");
  script_xref(name:"MDVSA", value:"2015:105");

  script_name(english:"Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated imagemagick package fixes security vulnerabilities :

A buffer overflow flaw was found in the way ImageMagick handled PSD
images that use RLE encoding. An attacker could create a malicious PSD
image file that, when opened in ImageMagick, would cause ImageMagick
to crash or, potentially, execute arbitrary code with the privileges
of the user running ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD
images when the input data has a large number of unlabeled layers
(CVE-2014-2030).

ImageMagick is vulnerable to a denial of service due to out-of-bounds
memory accesses in the resize code (CVE-2014-8354), PCX parser
(CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder
(CVE-2014-8716)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0087.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0482.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imagemagick-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imagemagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magick++-6Q16_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magick-6Q16_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Image-Magick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"imagemagick-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"imagemagick-desktop-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"imagemagick-doc-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64magick++-6Q16_3-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64magick-6Q16_1-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64magick-devel-6.8.7.0-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"perl-Image-Magick-6.8.7.0-3.1.mbs2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuximagemagickp-cpe:/a:mandriva:linux:imagemagick
mandrivalinuximagemagick-desktopp-cpe:/a:mandriva:linux:imagemagick-desktop
mandrivalinuximagemagick-docp-cpe:/a:mandriva:linux:imagemagick-doc
mandrivalinuxlib64magick%2b%2b-6q16_3p-cpe:/a:mandriva:linux:lib64magick%2b%2b-6q16_3
mandrivalinuxlib64magick-6q16_1p-cpe:/a:mandriva:linux:lib64magick-6q16_1
mandrivalinuxlib64magick-develp-cpe:/a:mandriva:linux:lib64magick-devel
mandrivalinuxperl-image-magickp-cpe:/a:mandriva:linux:perl-image-magick
mandrivabusiness_server2cpe:/o:mandriva:business_server:2

Related

nessus 21
securityvulns 4
openvas 21
mageia 3
debian 4
osv 4
fedora 3
cve 7
ubuntucve 7
prion 7
debiancve 7
ubuntu 2
amazon 1
veracode 4
archlinux 1
gentoo 1
nessus
nessus
SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)
2014-12-15 00:00:00
Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)
2014-11-26 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1396-1)
2014-11-13 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:226 ] imagemagick
2014-11-30 00:00:00
imagemagic DoS
2014-11-30 00:00:00
Imagemagic security vulnerabilities
2014-03-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1631-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2014-0482)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1595-1)
2021-04-19 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2014-11-22 13:54:50
Updated imagemagick package fixes security vulnerabilities
2014-02-21 22:10:03
Updated graphicsmagick packages fix security vulnerability
2014-11-25 12:21:26
debian
debian
[SECURITY] [DLA 242-1] imagemagick security update
2015-06-11 20:08:07
[SECURITY] [DSA 2898-1] imagemagick security update
2014-04-09 17:11:54
[SECURITY] [DLA 90-1] imagemagick security update
2014-11-22 21:56:15
osv
osv
imagemagick - security update
2015-06-11 00:00:00
imagemagick - security update
2014-04-09 00:00:00
imagemagick - security update
2014-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: ImageMagick-6.8.8.10-9.fc22
2015-03-15 10:53:26
[SECURITY] Fedora 21 Update: ImageMagick-6.8.8.10-6.fc21
2015-04-13 07:04:03
[SECURITY] Fedora 20 Update: ImageMagick-6.8.6.3-4.fc20
2014-04-15 15:38:07
cve
cve
CVE-2014-1958
2020-02-06 15:15:00
CVE-2014-8716
2017-04-11 19:59:00
CVE-2014-8354
2017-04-11 19:59:00
ubuntucve
ubuntucve
CVE-2014-1958
2014-02-21 00:00:00
CVE-2014-8716
2014-11-12 00:00:00
CVE-2014-8354
2014-10-31 00:00:00
prion
prion
Buffer overflow
2020-02-06 15:15:00
Out-of-bounds
2017-04-11 19:59:00
Out-of-bounds
2017-04-11 19:59:00
debiancve
debiancve
CVE-2014-1958
2020-02-06 15:15:00
CVE-2014-8716
2017-04-11 19:59:00
CVE-2014-8562
2017-04-11 19:59:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2014-03-06 00:00:00
ImageMagick vulnerabilities
2016-11-21 00:00:00
amazon
amazon
Medium: ImageMagick
2014-05-13 14:03:00
veracode
veracode
Denial Of Service (DoS)
2017-04-12 00:37:03
Denial Of Service (DoS)
2017-04-12 01:19:37
Denial Of Service (DoS) Through Out Of Bounds Read
2017-04-12 00:46:05
archlinux
archlinux
imagemagick: denial of service
2014-11-13 00:00:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2014-05-17 00:00:00
JSON
Related for MANDRIVA_MDVSA-2015-105.NASL
nessus21securityvulns4openvas21mageia3debian4osv4fedora3cve7ubuntucve7prion7debiancve7ubuntu2amazon1veracode4archlinux1gentoo1