Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-7-1.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
11
JSON

A buffer overflow in imagemagick’s EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user’s privileges.

Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler’s privileges). However, Ubuntu’s standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-7-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20690);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2004-0981");
  script_xref(name:"USN", value:"7-1");

  script_name(english:"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow in imagemagick's EXIF parsing routine has been
discovered in imagemagick versions prior to 6.1.0. Trying to query
EXIF information of a malicious image file might result in execution
of arbitrary code with the user's privileges.

Since imagemagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use imagemagick, thus there is no risk of privilege escalation in
a standard installation.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"imagemagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"perlmagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuximagemagickp-cpe:/a:canonical:ubuntu_linux:imagemagick
canonicalubuntu_linuxlibmagick%2b%2b6p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b6
canonicalubuntu_linuxlibmagick%2b%2b6-devp-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b6-dev
canonicalubuntu_linuxlibmagick6p-cpe:/a:canonical:ubuntu_linux:libmagick6
canonicalubuntu_linuxlibmagick6-devp-cpe:/a:canonical:ubuntu_linux:libmagick6-dev
canonicalubuntu_linuxperlmagickp-cpe:/a:canonical:ubuntu_linux:perlmagick
canonicalubuntu_linux4.10cpe:/o:canonical:ubuntu_linux:4.10

Related

nessus 6
openvas 8
freebsd 1
cve 1
cvelist 1
gentoo 1
debiancve 1
ubuntucve 1
redhat 1
nessus
nessus
Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)
2004-12-07 00:00:00
Debian DSA-593-1 : imagemagick - buffer overflow
2004-11-17 00:00:00
FreeBSD : ImageMagick -- EXIF parser buffer overflow (eeb1c128-33e7-11d9-a9e7-0001020eed82)
2009-04-23 00:00:00
openvas
openvas
FreeBSD Ports: ImageMagick
2008-09-04 00:00:00
Debian Security Advisory DSA 593-1 (imagemagick)
2008-01-17 00:00:00
FreeBSD Ports: ImageMagick
2008-09-04 00:00:00
freebsd
freebsd
ImageMagick -- EXIF parser buffer overflow
2004-10-25 00:00:00
cve
cve
CVE-2004-0981
2005-02-09 05:00:00
cvelist
cvelist
CVE-2004-0981
2004-11-19 05:00:00
gentoo
gentoo
ImageMagick: EXIF buffer overflow
2004-11-06 00:00:00
debiancve
debiancve
CVE-2004-0981
2005-02-09 05:00:00
ubuntucve
ubuntucve
CVE-2004-0981
2005-02-09 00:00:00
redhat
redhat
(RHSA-2004:636) ImageMagick security update
2004-12-08 00:00:00
JSON
Related for UBUNTU_USN-7-1.NASL
nessus6openvas8freebsd1cve1cvelist1gentoo1debiancve1ubuntucve1redhat1