ID UBUNTU_USN-7-1.NASL Type nessus Reporter Tenable Modified 2016-05-25T00:00:00
Description
A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.
Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-7-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(20690);
script_version("$Revision: 1.12 $");
script_cvs_date("$Date: 2016/05/25 16:34:55 $");
script_cve_id("CVE-2004-0981");
script_xref(name:"USN", value:"7-1");
script_name(english:"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"A buffer overflow in imagemagick's EXIF parsing routine has been
discovered in imagemagick versions prior to 6.1.0. Trying to query
EXIF information of a malicious image file might result in execution
of arbitrary code with the user's privileges.
Since imagemagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use imagemagick, thus there is no risk of privilege escalation in
a standard installation.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"4.10", pkgname:"imagemagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"perlmagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc");
}
{"id": "UBUNTU_USN-7-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "description": "A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "modified": "2016-05-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2004-0981"], "type": "nessus", "lastseen": "2019-02-21T01:08:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick6"], "cvelist": ["CVE-2004-0981"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:06:30", "references": [{"idList": ["EEB1C128-33E7-11D9-A9E7-0001020EED82"], "type": "freebsd"}, {"idList": ["CVE-2004-0981"], "type": "cve"}, {"idList": ["USN-10-1", "USN-7-1"], "type": "ubuntu"}, {"idList": ["OSVDB:11166"], "type": "osvdb"}, {"idList": ["OPENVAS:53281", "OPENVAS:54732", "OPENVAS:52309"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-593-1:AD510"], "type": "debian"}, {"idList": ["FREEBSD_IMAGEMAGICK_613.NASL", "DEBIAN_DSA-593.NASL", "FREEBSD_PKG_EEB1C12833E711D9A9E70001020EED82.NASL", "UBUNTU_USN-10-1.NASL", "GENTOO_GLSA-200411-11.NASL", "REDHAT-RHSA-2004-636.NASL", "MANDRAKE_MDKSA-2004-143.NASL"], "type": "nessus"}, {"idList": ["GLSA-200411-11"], "type": "gentoo"}, {"idList": ["RHSA-2004:636"], "type": "redhat"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "e5b84637db8d6424085d3735f112c138602b2e1f7355c3ae293f84643684b58b", "hashmap": [{"hash": "4970a9ea6a360084d15bb13c9cc2763a", "key": "title"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "74e34b9e0919f520bf0e07d15a04e3bd", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5e36871351666a2b5579697f3fa7556d", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b9481657c021af02a2a83ecdd13e758", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6a64ca8ec19831473cb511e991188bb4", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8a96d8d6e565c1bd06e216985d146bba", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "3449f67d234ea59819fda5d434d05888", "key": "description"}, {"hash": "4a3152a48927c782276f17f62bb099ad", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "id": "UBUNTU_USN-7-1.NASL", "lastseen": "2019-01-16T20:06:30", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "20690", "published": "2006-01-15T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:06:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2004-0981"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "c1e05bed89f5b7ac7855fe2697a40dbb1dc179cf8779b0eba958ca166a413e75", "hashmap": [{"hash": "4970a9ea6a360084d15bb13c9cc2763a", "key": "title"}, {"hash": "c87ff1a501002a752064bc38908fd698", "key": "description"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "74e34b9e0919f520bf0e07d15a04e3bd", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5e36871351666a2b5579697f3fa7556d", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b9481657c021af02a2a83ecdd13e758", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6a64ca8ec19831473cb511e991188bb4", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8a96d8d6e565c1bd06e216985d146bba", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "id": "UBUNTU_USN-7-1.NASL", "lastseen": "2016-09-26T17:24:00", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "20690", "published": "2006-01-15T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick6"], "cvelist": ["CVE-2004-0981"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "7adce6f368f0236e032ab99b92e21d2b79fd7121bcc14e8ae977158817969d3d", "hashmap": [{"hash": "4970a9ea6a360084d15bb13c9cc2763a", "key": "title"}, {"hash": "c87ff1a501002a752064bc38908fd698", "key": "description"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "74e34b9e0919f520bf0e07d15a04e3bd", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5e36871351666a2b5579697f3fa7556d", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b9481657c021af02a2a83ecdd13e758", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6a64ca8ec19831473cb511e991188bb4", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8a96d8d6e565c1bd06e216985d146bba", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "4a3152a48927c782276f17f62bb099ad", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "id": "UBUNTU_USN-7-1.NASL", "lastseen": "2017-10-29T13:36:10", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "20690", "published": "2006-01-15T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick6"], "cvelist": ["CVE-2004-0981"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8f5f389f8edc787dfc3c8c9a1ee44f8a8bd269501217d2b8588212534889c4d0", "hashmap": [{"hash": "4970a9ea6a360084d15bb13c9cc2763a", "key": "title"}, {"hash": "c87ff1a501002a752064bc38908fd698", "key": "description"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "74e34b9e0919f520bf0e07d15a04e3bd", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5e36871351666a2b5579697f3fa7556d", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b9481657c021af02a2a83ecdd13e758", "key": "cvelist"}, {"hash": "6a64ca8ec19831473cb511e991188bb4", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8a96d8d6e565c1bd06e216985d146bba", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "4a3152a48927c782276f17f62bb099ad", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "id": "UBUNTU_USN-7-1.NASL", "lastseen": "2018-08-30T19:35:46", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "20690", "published": "2006-01-15T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:35:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick6"], "cvelist": ["CVE-2004-0981"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "7adce6f368f0236e032ab99b92e21d2b79fd7121bcc14e8ae977158817969d3d", "hashmap": [{"hash": "4970a9ea6a360084d15bb13c9cc2763a", "key": "title"}, {"hash": "c87ff1a501002a752064bc38908fd698", "key": "description"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "74e34b9e0919f520bf0e07d15a04e3bd", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5e36871351666a2b5579697f3fa7556d", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b9481657c021af02a2a83ecdd13e758", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6a64ca8ec19831473cb511e991188bb4", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8a96d8d6e565c1bd06e216985d146bba", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "4a3152a48927c782276f17f62bb099ad", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20690", "id": "UBUNTU_USN-7-1.NASL", "lastseen": "2018-09-01T23:40:23", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "20690", "published": "2006-01-15T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "title": "Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:40:23"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "4a3152a48927c782276f17f62bb099ad"}, {"key": "cvelist", "hash": "5b9481657c021af02a2a83ecdd13e758"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "c87ff1a501002a752064bc38908fd698"}, {"key": "href", "hash": "6a64ca8ec19831473cb511e991188bb4"}, {"key": "modified", "hash": "5ebefc09f1b29d9e0dad2276c1ad05e8"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "5e36871351666a2b5579697f3fa7556d"}, {"key": "published", "hash": "8a96d8d6e565c1bd06e216985d146bba"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "74e34b9e0919f520bf0e07d15a04e3bd"}, {"key": "title", "hash": "4970a9ea6a360084d15bb13c9cc2763a"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7adce6f368f0236e032ab99b92e21d2b79fd7121bcc14e8ae977158817969d3d", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0981"]}, {"type": "openvas", "idList": ["OPENVAS:53281", "OPENVAS:52309", "OPENVAS:54732"]}, {"type": "osvdb", "idList": ["OSVDB:11166"]}, {"type": "ubuntu", "idList": ["USN-10-1", "USN-7-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-593-1:AD510"]}, {"type": "gentoo", "idList": ["GLSA-200411-11"]}, {"type": "nessus", "idList": ["FREEBSD_IMAGEMAGICK_613.NASL", "UBUNTU_USN-10-1.NASL", "FREEBSD_PKG_EEB1C12833E711D9A9E70001020EED82.NASL", "DEBIAN_DSA-593.NASL", "GENTOO_GLSA-200411-11.NASL", "MANDRAKE_MDKSA-2004-143.NASL", "REDHAT-RHSA-2004-636.NASL"]}, {"type": "freebsd", "idList": ["EEB1C128-33E7-11D9-A9E7-0001020EED82"]}, {"type": "redhat", "idList": ["RHSA-2004:636"]}], "modified": "2019-02-21T01:08:58"}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-02-21T01:08:58"}, "vulnersScore": 7.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-7-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20690);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:55 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"7-1\");\n\n script_name(english:\"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in imagemagick's EXIF parsing routine has been\ndiscovered in imagemagick versions prior to 6.1.0. Trying to query\nEXIF information of a malicious image file might result in execution\nof arbitrary code with the user's privileges.\n\nSince imagemagick can be used in custom printing systems, this also\nmight lead to privilege escalation (execute code with the printer\nspooler's privileges). However, Ubuntu's standard printing system does\nnot use imagemagick, thus there is no risk of privilege escalation in\na standard installation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"imagemagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"perlmagick\", pkgver:\"6.0.2.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "20690", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick6"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:08:03", "bulletinFamily": "NVD", "description": "Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.", "modified": "2017-10-11T01:29:00", "id": "CVE-2004-0981", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0981", "published": "2005-02-09T05:00:00", "title": "CVE-2004-0981", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:06", "bulletinFamily": "software", "description": "## Vulnerability Description\nA remote overflow exists in ImageMagick. The product fails to perform correct boundary checking in the EXIF parsing routine resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 6.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in ImageMagick. The product fails to perform correct boundary checking in the EXIF parsing routine resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor Specific News/Changelog Entry: http://www.imagemagick.org/www/Changelog.html\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-593)\n[Secunia Advisory ID:13406](https://secuniaresearch.flexerasoftware.com/advisories/13406/)\n[Secunia Advisory ID:13106](https://secuniaresearch.flexerasoftware.com/advisories/13106/)\n[Secunia Advisory ID:13214](https://secuniaresearch.flexerasoftware.com/advisories/13214/)\n[Secunia Advisory ID:13386](https://secuniaresearch.flexerasoftware.com/advisories/13386/)\n[Secunia Advisory ID:12995](https://secuniaresearch.flexerasoftware.com/advisories/12995/)\nRedHat RHSA: RHSA-2004:636\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200411-11.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:143\nMail List Post: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401\nISS X-Force ID: 17903\n[CVE-2004-0981](https://vulners.com/cve/CVE-2004-0981)\n", "modified": "2004-10-26T11:10:28", "published": "2004-10-26T11:10:28", "id": "OSVDB:11166", "href": "https://vulners.com/osvdb/OSVDB:11166", "title": "ImageMagick EXIF Parser Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to imagemagick\nannounced via advisory DSA 593-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53281", "id": "OPENVAS:53281", "title": "Debian Security Advisory DSA 593-1 (imagemagick)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_593_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 593-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been reported for ImageMagick, a commonly used\nimage manipulation library. Due to a boundary error within the EXIF\nparsing routine, a specially crafted graphic images could lead to the\nexecution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody4.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 6.0.6.2-1.5.\n\nWe recommend that you upgrade your imagemagick packages.\";\ntag_summary = \"The remote host is missing an update to imagemagick\nannounced via advisory DSA 593-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20593-1\";\n\nif(description)\n{\n script_id(53281);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(11548);\n script_cve_id(\"CVE-2004-0981\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 593-1 (imagemagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++5-dev\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick5\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick5-dev\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"5.4.4.5-1woody4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-20T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52309", "id": "OPENVAS:52309", "title": "FreeBSD Ports: ImageMagick", "type": "openvas", "sourceData": "#\n#VID eeb1c128-33e7-11d9-a9e7-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ImageMagick\n\nCVE-2004-0981\nBuffer overflow in the EXIF parsing routine in ImageMagick before\n6.1.0 allows remote attackers to execute arbitrary code via a certain\nimage file.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/12995/\nhttp://www.imagemagick.org/www/Changelog.html\nhttp://www.vuxml.org/freebsd/eeb1c128-33e7-11d9-a9e7-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52309);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0981\");\n script_bugtraq_id(11548);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: ImageMagick\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ImageMagick\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.1.3\")<0) {\n txt += 'Package ImageMagick version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:45", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200411-11.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54732", "id": "OPENVAS:54732", "title": "Gentoo Security Advisory GLSA 200411-11 (imagemagick)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ImageMagick contains an error in boundary checks when handling EXIF\ninformation, which could lead to arbitrary code execution.\";\ntag_solution = \"All ImageMagick users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.1.3.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=69825\nhttp://www.imagemagick.org/www/Changelog.html\nhttp://secunia.com/advisories/12995/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200411-11.\";\n\n \n\nif(description)\n{\n script_id(54732);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(11548);\n script_cve_id(\"CVE-2004-0981\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200411-11 (imagemagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/imagemagick\", unaffected: make_list(\"ge 6.1.3.2\"), vulnerable: make_list(\"lt 6.1.3.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:14", "bulletinFamily": "unix", "description": "Several buffer overflows have been discovered in libxml2\u2019s FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml2.\n\nSince libxml2 is used in packages like php4-imagick, the vulnerability also might lead to privilege escalation, like executing attacker supplied code with a web server\u2019s privileges.\n\nHowever, this does not affect the core XML parsing code, which is what the majority of programs use this library for.", "modified": "2004-10-30T00:00:00", "published": "2004-10-30T00:00:00", "id": "USN-10-1", "href": "https://usn.ubuntu.com/10-1/", "title": "XML library vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T17:21:49", "bulletinFamily": "unix", "description": "A buffer overflow in imagemagick\u2019s EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user\u2019s privileges.\n\nSince imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler\u2019s privileges). However, Ubuntu\u2019s standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.", "modified": "2004-10-27T00:00:00", "published": "2004-10-27T00:00:00", "id": "USN-7-1", "href": "https://usn.ubuntu.com/7-1/", "title": "imagemagick vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 593-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 16th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : imagemagick\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2004-0981\nDebian Bug : 278401\n\nA vulnerability has been reported for ImageMagick, a commonly used\nimage manipulation library. Due to a boundary error within the EXIF\nparsing routine, a specially crafted graphic images could lead to the\nexecution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody4.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 6.0.6.2-1.5.\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.dsc\n Size/MD5 checksum: 852 c053f06bcb00f7cc722814ece4c99462\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.diff.gz\n Size/MD5 checksum: 15309 bb1ec78c190677ceb5311ffe167b8184\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz\n Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 1309792 f3e20f97b3a081cd3e73675c2131a345\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 154144 4b8abf5400526b55d41b6a23a747740d\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 56232 d6be366bdb42ff918de236b42e5fc03e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 833420 811a90a17be12877a5352474b4ff50b0\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 67276 ea7ecc0c685293d0bfe90d7d5eec5eae\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_alpha.deb\n Size/MD5 checksum: 113786 896b92eda8b1572090c28f7781617bcb\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 1297076 1480d317943ebd0d62af4e91cb70e8bc\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 118678 9bd22b4793a02f7d55178093950f2af1\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 56272 dced3c2b19dadc4a9269ca8694a9fb17\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 898586 0603ac9d5290dad892eb26cc9d3f5f9c\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 67312 332b1462e38cab79c3baf075124f0a52\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_arm.deb\n Size/MD5 checksum: 109900 d5c8d8247af36dbf8e6d38343b451c0b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 1295130 5c546d50eb6a1c1597c491849a74ba00\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 122766 a778e5be49e9a22fea94f6a6d83f7035\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 56254 2758908cfe92661e70e3def07595126a\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 772498 17eb974bb841ad4332e1ebbc800f7ce2\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 67296 f1c482c8e6a2e0dda18d9fd69120f8f2\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_i386.deb\n Size/MD5 checksum: 106912 3a35af388be49b0978665202a1ec7e66\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 1336172 10c0e32424a9dca3d3cd66779921022f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 137042 d499c76fb08bfb8c63bf89384f297bf7\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 56222 c0e9c7c41e6cb6f0097f979373b6a895\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 1359968 58957910d3e927d2f0c41db825db19d5\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 67260 1ab111e57700c86384f02b98e7be823e\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_ia64.deb\n Size/MD5 checksum: 132904 55f936250c3cf6859dc38cfce35df9a6\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 1297346 930d77ec6653cd705af67d47f1090d32\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 132850 d5988feb87c126dcab6df72e6e590545\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 56270 3395e0bbce4bc6092fc81a1fe1193bc2\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 859724 56b6e89439f151f21001e345340248a4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 67328 c88fc994c5ed2c6fed15685fdd78758f\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_hppa.deb\n Size/MD5 checksum: 117164 30cd8726f73026a2e20c8efe04c528a9\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 1292548 8d360c360fbb9c477cd0ae1aca69448e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 134004 5d597e8f01686d39f1a852b248487b59\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 56300 3160b3dae3facf978d1176957b95af68\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 751758 83cc438c729286babb7ac84346f07654\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 67332 d13d7618bbce5050e8d05bfaa5ab6498\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_m68k.deb\n Size/MD5 checksum: 107408 6e3b040f07982b2fd3f1d0f83ec02f8d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 1294866 2e4bd7d79951377b4da399738fe88a77\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 120252 7c69c8cbae8f03add859573edfe3e241\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 56276 3a8ff5352159ddfb8b2d32641acdd625\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 733000 30b1e4b7c930878890553ef6a441ca09\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 67326 6bc5cdbfe033642b3a27baeafb31f300\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mips.deb\n Size/MD5 checksum: 103322 7075ae9b234bc564631b67661736e543\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 1294860 33b3593e696a9aff9dac216778fea431\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 113820 a81bf3b33cd7abddb1335ab61be0c4dc\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 56302 e1f179a6be8c7781eba49e0c25d1013e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 721030 2dd79a60f0e8a46dee376cbe79b78b8d\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 67322 a8e370ec24fcb00d8b585837034502e5\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mipsel.deb\n Size/MD5 checksum: 102868 ac84fdb646eace65d69208bb522a3976\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 1291426 205981d0b3cd47699602d1ecb8636fb4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 135900 4908551a03f72d05f4d34f2bf767fcdd\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 56268 8c3150906852c56a2cce8ebb20292e84\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 786006 39b95827036f22e43245489944294bb8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 67304 9eb67cfc99e2632453c9335d7688ca6f\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_powerpc.deb\n Size/MD5 checksum: 111908 369ae1547d021b06c865e107db68c1bc\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 1292148 b018542967462dfb08559ee8ca413af0\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 132004 366eca80ee3ae6e97e75c346298dfa4e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 56256 b50d9cda59825fb64ce17d42e6862c21\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 777968 b51017dcfc2106b458af6fd3f0f1e5c0\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 67304 5884f688ddd0dd60eb44cf609c79b0c2\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_s390.deb\n Size/MD5 checksum: 108956 0a1a43eb74ac289387783e32c85fb15b\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 1295192 ecc31b2bf9f87175011f42517406449b\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 123844 506d5252bd0b53224f358eef3cfc0808\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 56262 1c5766ed3e5e2a2ed57bf2394481e23d\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 802610 ed2a8842b6612e96682f13e28fa74f96\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 67312 a640d03d461769bb0c23f1a77003ef1d\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_sparc.deb\n Size/MD5 checksum: 112880 93033756bee95ec9523d427e6813782d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2004-11-16T00:00:00", "published": "2004-11-16T00:00:00", "id": "DEBIAN:DSA-593-1:AD510", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00202.html", "title": "[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "unix", "description": "\nThere exists a buffer overflow vulnerability in\n\t ImageMagick's EXIF parsing code which may lead to execution\n\t of arbitrary code.\n", "modified": "2004-12-12T00:00:00", "published": "2004-10-25T00:00:00", "id": "EEB1C128-33E7-11D9-A9E7-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/eeb1c128-33e7-11d9-a9e7-0001020eed82.html", "title": "ImageMagick -- EXIF parser buffer overflow", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:11:43", "bulletinFamily": "scanner", "description": "There exists a buffer overflow vulnerability in ImageMagick's EXIF parsing code which may lead to execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_EEB1C12833E711D9A9E70001020EED82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37043", "published": "2009-04-23T00:00:00", "title": "FreeBSD : ImageMagick -- EXIF parser buffer overflow (eeb1c128-33e7-11d9-a9e7-0001020eed82)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37043);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:40\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_bugtraq_id(11548);\n script_xref(name:\"Secunia\", value:\"12995\");\n\n script_name(english:\"FreeBSD : ImageMagick -- EXIF parser buffer overflow (eeb1c128-33e7-11d9-a9e7-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There exists a buffer overflow vulnerability in ImageMagick's EXIF\nparsing code which may lead to execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.imagemagick.org/www/Changelog.html\"\n );\n # https://vuxml.freebsd.org/freebsd/eeb1c128-33e7-11d9-a9e7-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c430bc83\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick-nox11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick<6.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick-nox11<6.1.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:16", "bulletinFamily": "scanner", "description": "A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could lead to the execution of arbitrary code.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-593.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15728", "published": "2004-11-17T00:00:00", "title": "Debian DSA-593-1 : imagemagick - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-593. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15728);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"DSA\", value:\"593\");\n\n script_name(english:\"Debian DSA-593-1 : imagemagick - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been reported for ImageMagick, a commonly used\nimage manipulation library. Due to a boundary error within the EXIF\nparsing routine, a specially crafted graphic image could lead to the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-593\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"imagemagick\", reference:\"5.4.4.5-1woody4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmagick++5\", reference:\"5.4.4.5-1woody4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmagick++5-dev\", reference:\"5.4.4.5-1woody4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmagick5\", reference:\"5.4.4.5-1woody4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmagick5-dev\", reference:\"5.4.4.5-1woody4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"perlmagick\", reference:\"5.4.4.5-1woody4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:25:36", "bulletinFamily": "scanner", "description": "The following package needs to be updated: ImageMagick", "modified": "2011-10-03T00:00:00", "published": "2004-11-23T00:00:00", "id": "FREEBSD_IMAGEMAGICK_613.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15795", "type": "nessus", "title": "FreeBSD : ImageMagick -- EXIF parser buffer overflow (3)", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_eeb1c12833e711d9a9e70001020eed82.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(15795);\n script_version(\"$Revision: 1.10 $\");\n script_bugtraq_id(11548);\n script_cve_id(\"CVE-2004-0981\");\n\n script_name(english:\"FreeBSD : ImageMagick -- EXIF parser buffer overflow (3)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: ImageMagick');\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1\nhttp://downloads.phpgroupware.org/changelog\nhttp://drupal.org/files/sa-2005-004/advisory.txt\nhttp://phpadsnew.com/two/nucleus/index.php?itemid=45\nhttp://secunia.com/advisories/12995/\nhttp://www.hardened-php.net/advisory_142005.66.html\nhttp://www.hardened-php.net/advisory_152005.67.html\nhttp://www.imagemagick.org/www/Changelog.html\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-09.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-10.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-11.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-12.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-13.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-44.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-45.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-46.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-47.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-48.html');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/eeb1c128-33e7-11d9-a9e7-0001020eed82.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/11/23\");\n script_cvs_date(\"$Date: 2011/10/03 00:48:26 $\");\n script_end_attributes();\n script_summary(english:\"Check for ImageMagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37043 (freebsd_pkg_eeb1c12833e711d9a9e70001020eed82.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=10;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"ImageMagick<6.1.3\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:55", "bulletinFamily": "scanner", "description": "Several buffer overflows have been discovered in libxml2's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml2.\n\nSince libxml2 is used in packages like php4-imagick, the vulnerability also might lead to privilege escalation, like executing attacker supplied code with a web server's privileges.\n\nHowever, this does not affect the core XML parsing code, which is what the majority of programs use this library for.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-05-25T00:00:00", "id": "UBUNTU_USN-10-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20485", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : XML library vulnerabilities (USN-10-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-10-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20485);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:11:44 $\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"USN\", value:\"10-1\");\n\n script_name(english:\"Ubuntu 4.10 : XML library vulnerabilities (USN-10-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in libxml2's FTP\nconnection and DNS resolution functions. Supplying very long FTP URLs\nor IP addresses might result in execution of arbitrary code with the\nprivileges of the process using libxml2.\n\nSince libxml2 is used in packages like php4-imagick, the vulnerability\nalso might lead to privilege escalation, like executing attacker\nsupplied code with a web server's privileges.\n\nHowever, this does not affect the core XML parsing code, which is what\nthe majority of programs use this library for.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-python2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxml2\", pkgver:\"2.6.11-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxml2-dev\", pkgver:\"2.6.11-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxml2-doc\", pkgver:\"2.6.11-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxml2-python2.3\", pkgver:\"2.6.11-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxml2-utils\", pkgver:\"2.6.11-3ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-dev / libxml2-doc / libxml2-python2.3 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:15", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200411-11 (ImageMagick: EXIF buffer overflow)\n\n ImageMagick fails to do proper bounds checking when handling image files with EXIF information.\n Impact :\n\n An attacker could use an image file with specially crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200411-11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15645", "published": "2004-11-07T00:00:00", "title": "GLSA-200411-11 : ImageMagick: EXIF buffer overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200411-11.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15645);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"GLSA\", value:\"200411-11\");\n\n script_name(english:\"GLSA-200411-11 : ImageMagick: EXIF buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200411-11\n(ImageMagick: EXIF buffer overflow)\n\n ImageMagick fails to do proper bounds checking when handling image files\n with EXIF information.\n \nImpact :\n\n An attacker could use an image file with specially crafted EXIF information\n to cause arbitrary code execution with the permissions of the user running\n ImageMagick.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.imagemagick.org/www/Changelog.html\"\n );\n # http://secunia.com/advisories/12995/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/advisories/12995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200411-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.1.3.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.1.3.2\"), vulnerable:make_list(\"lt 6.1.3.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:17", "bulletinFamily": "scanner", "description": "A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code.\n\nThe updated packages have been patched to prevent this problem.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2004-143.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15916", "published": "2004-12-07T00:00:00", "title": "Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:143. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15916);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0981\");\n script_xref(name:\"MDKSA\", value:\"2004:143\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in ImageMagick where, due to a boundary\nerror within the EXIF parsing routine, a specially crafted graphic\nimage could potentially lead to the execution of arbitrary code.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick5.5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick5.5.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick6.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick6.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick5.5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick5.5.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick6.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick6.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"ImageMagick-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ImageMagick-doc-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64Magick5.5.7-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64Magick5.5.7-devel-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libMagick5.5.7-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libMagick5.5.7-devel-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"perl-Magick-5.5.7.15-6.2.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"ImageMagick-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ImageMagick-doc-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64Magick6.4.0-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64Magick6.4.0-devel-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libMagick6.4.0-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libMagick6.4.0-devel-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"perl-Magick-6.0.4.4-5.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"ImageMagick-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64Magick5.5.7-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64Magick5.5.7-devel-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libMagick5.5.7-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libMagick5.5.7-devel-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"perl-Magick-5.5.7.10-7.2.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:17", "bulletinFamily": "scanner", "description": "Updated ImageMagick packages that fixes a buffer overflow are now available.\n\nImageMagick(TM) is an image display and manipulation tool for the X Window System.\n\nA buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to this issue.\n\nDavid Eisenstein has reported that our previous fix for CVE-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue.\n\nUsers of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2004-636.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15946", "published": "2004-12-13T00:00:00", "title": "RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:636. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15946);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2004-0827\", \"CVE-2004-0981\");\n script_bugtraq_id(11548);\n script_xref(name:\"RHSA\", value:\"2004:636\");\n\n script_name(english:\"RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ImageMagick packages that fixes a buffer overflow are now\navailable.\n\nImageMagick(TM) is an image display and manipulation tool for the X\nWindow System.\n\nA buffer overflow flaw was discovered in the ImageMagick image\nhandler. An attacker could create a carefully crafted image file with\nan improper EXIF information in such a way that it would cause\nImageMagick to execute arbitrary code when processing the image. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0981 to this issue.\n\nDavid Eisenstein has reported that our previous fix for CVE-2004-0827,\na heap overflow flaw, was incomplete. An attacker could create a\ncarefully crafted BMP file in such a way that it could cause\nImageMagick to execute arbitrary code when processing the image. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0827 to this issue.\n\nUsers of ImageMagick should upgrade to these updated packages, which\ncontain a backported patch, and is not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0981\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:636\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ImageMagick-5.3.8-6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ImageMagick-c++-5.3.8-6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ImageMagick-c++-devel-5.3.8-6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ImageMagick-devel-5.3.8-6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ImageMagick-perl-5.3.8-6\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"ImageMagick-5.5.6-7\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ImageMagick-c++-5.5.6-7\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ImageMagick-c++-devel-5.5.6-7\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ImageMagick-devel-5.5.6-7\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ImageMagick-perl-5.5.6-7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "description": "### Background\n\nImageMagick is a collection of tools to read, write and manipulate images in many formats. \n\n### Description\n\nImageMagick fails to do proper bounds checking when handling image files with EXIF information. \n\n### Impact\n\nAn attacker could use an image file with specially-crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ImageMagick users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/imagemagick-6.1.3.2\"", "modified": "2004-11-06T00:00:00", "published": "2004-11-06T00:00:00", "id": "GLSA-200411-11", "href": "https://security.gentoo.org/glsa/200411-11", "type": "gentoo", "title": "ImageMagick: EXIF buffer overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "description": "ImageMagick(TM) is an image display and manipulation tool for the X Window\nSystem.\n\nA buffer overflow flaw was discovered in the ImageMagick image handler.\nAn attacker could create a carefully crafted image file with an improper\nEXIF information in such a way that it would cause ImageMagick to execute\narbitrary code when processing the image. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to\nthis issue.\n\nDavid Eisenstein has reported that our previous fix for CAN-2004-0827, a\nheap overflow flaw, was incomplete. An attacker could create a carefully\ncrafted BMP file in such a way that it could cause ImageMagick to execute\narbitrary code when processing the image. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to\nthis issue.\n\nUsers of ImageMagick should upgrade to these updated packages, which\ncontain a backported patch, and is not vulnerable to this issue.", "modified": "2019-03-22T23:43:22", "published": "2004-12-08T05:00:00", "id": "RHSA-2004:636", "href": "https://access.redhat.com/errata/RHSA-2004:636", "type": "redhat", "title": "(RHSA-2004:636) ImageMagick security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
