Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3363-1.NASL
HistoryJul 25, 2017 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS : ImageMagick vulnerabilities (USN-3363-1)

2017-07-2500:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
JSON

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3363-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(101950);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2017-10928",
    "CVE-2017-11141",
    "CVE-2017-11170",
    "CVE-2017-11188",
    "CVE-2017-11352",
    "CVE-2017-11360",
    "CVE-2017-11447",
    "CVE-2017-11448",
    "CVE-2017-11449",
    "CVE-2017-11450",
    "CVE-2017-11478",
    "CVE-2017-9261",
    "CVE-2017-9262",
    "CVE-2017-9405",
    "CVE-2017-9407",
    "CVE-2017-9409",
    "CVE-2017-9439",
    "CVE-2017-9440",
    "CVE-2017-9501"
  );
  script_xref(name:"USN", value:"3363-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : ImageMagick vulnerabilities (USN-3363-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted image, an attacker could
exploit this to cause a denial of service or possibly execute code
with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3363-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11450");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-arch-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagick++5', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagickcore5', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagickcore5-extra', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'libmagickwand5', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '14.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.7.7.10-6ubuntu3.8'},
    {'osver': '16.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'imagemagick-6.q16', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libimage-magick-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libimage-magick-q16-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagick++-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-5v5', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6-arch-config', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2-extra', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.8'},
    {'osver': '16.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.8.9.9-7ubuntu5.8'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'imagemagick / imagemagick-6.q16 / imagemagick-common / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuximagemagickp-cpe:/a:canonical:ubuntu_linux:imagemagick
canonicalubuntu_linuximagemagick-6.q16p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16
canonicalubuntu_linuximagemagick-commonp-cpe:/a:canonical:ubuntu_linux:imagemagick-common
canonicalubuntu_linuxlibimage-magick-perlp-cpe:/a:canonical:ubuntu_linux:libimage-magick-perl
canonicalubuntu_linuxlibimage-magick-q16-perlp-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16-perl
canonicalubuntu_linuxlibmagick%2b%2b-6-headersp-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6-headers
canonicalubuntu_linuxlibmagick%2b%2b-6.q16-5v5p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5
canonicalubuntu_linuxlibmagick%2b%2b-6.q16-devp-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-dev
canonicalubuntu_linuxlibmagick%2b%2b-devp-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-dev
canonicalubuntu_linuxlibmagick%2b%2b5p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5
Rows per page:
1-10 of 261

References

Related

ubuntu 1
openvas 19
cloudfoundry 1
nessus 12
debian 2
osv 19
suse 4
cve 20
redhatcve 20
veracode 16
prion 20
ubuntucve 20
debiancve 20
fedora 25
ubuntu
ubuntu
ImageMagick vulnerabilities
2017-07-24 00:00:00
openvas
openvas
Ubuntu Update for imagemagick USN-3363-1
2017-07-25 00:00:00
Debian Security Advisory DSA 3914-1 (imagemagick - security update)
2017-07-18 00:00:00
Debian Security Advisory DSA 3914-1 (imagemagick - security update)
2017-07-18 00:00:00
cloudfoundry
cloudfoundry
USN-3363-1: ImageMagick vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
nessus
nessus
Debian DSA-3914-1 : imagemagick - security update
2017-07-19 00:00:00
Debian DLA-1000-1 : imagemagick security update
2017-06-26 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2017-971)
2017-08-29 00:00:00
debian
debian
[SECURITY] [DLA 1000-1] imagemagick security update
2017-06-24 23:27:35
[SECURITY] [DSA 3914-1] imagemagick security update
2017-07-18 21:42:34
osv
osv
imagemagick - security update
2017-06-24 00:00:00
imagemagick - security update
2017-07-18 00:00:00
CVE-2017-9405
2017-06-02 19:29:00
suse
suse
Security update for ImageMagick (important)
2017-08-28 15:08:08
Security update for ImageMagick (important)
2017-08-17 12:09:15
Security update for ImageMagick (important)
2017-08-16 18:08:05
cve
cve
CVE-2017-9407
2017-06-02 19:29:00
CVE-2017-9405
2017-06-02 19:29:00
CVE-2017-9409
2017-06-02 19:29:00
redhatcve
redhatcve
CVE-2017-9409
2017-06-05 14:20:08
CVE-2017-9405
2017-06-05 14:19:48
CVE-2017-9407
2017-06-05 14:19:36
veracode
veracode
Denial Of Service (DoS) Through Memory Leak
2017-06-05 01:30:44
Denial Of Service (DoS) Through Memory Leak
2017-06-05 01:03:58
Denial Of Service (DoS) Through Memory Leak
2017-06-05 01:26:14
prion
prion
Memory corruption
2017-06-02 19:29:00
Memory corruption
2017-06-02 19:29:00
Memory corruption
2017-06-02 19:29:00
ubuntucve
ubuntucve
CVE-2017-9407
2017-06-02 00:00:00
CVE-2017-9405
2017-06-02 00:00:00
CVE-2017-9409
2017-06-02 00:00:00
debiancve
debiancve
CVE-2017-9407
2017-06-02 19:29:00
CVE-2017-9405
2017-06-02 19:29:00
CVE-2017-11188
2017-07-12 15:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: k3d-0.8.0.6-8.fc26
2017-09-19 03:27:27
[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1
2017-09-19 03:27:26
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-4.fc26.2
2017-09-19 03:27:34
JSON
Related for UBUNTU_USN-3363-1.NASL
ubuntu1openvas19cloudfoundry1nessus12debian2osv19suse4cve20redhatcve20veracode16prion20ubuntucve20debiancve20fedora25