Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310702750HistorySep 02, 2013 - 12:00 a.m.
Debian: Security Advisory (DSA-2750-1)
2013-09-0200:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
3
8.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.041 Low
EPSS
Percentile
92.1%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702750");
script_cve_id("CVE-2013-4298");
script_tag(name:"creation_date", value:"2013-09-02 22:00:00 +0000 (Mon, 02 Sep 2013)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_name("Debian: Security Advisory (DSA-2750-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
script_xref(name:"Advisory-ID", value:"DSA-2750-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2013/DSA-2750-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2750");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DSA-2750-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Anton Kortunov reported a heap corruption in ImageMagick, a program collection and library for converting and manipulating image files. Crafted GIF files could cause ImageMagick to crash, potentially leading to arbitrary code execution.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 8:6.7.7.10-5+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 8:6.7.7.10-6.
We recommend that you upgrade your imagemagick packages.");
script_tag(name:"affected", value:"'imagemagick' package(s) on Debian 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"imagemagick", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"imagemagick-common", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"imagemagick-dbg", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"imagemagick-doc", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagick++-dev", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagick++5", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-dev", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagickcore5", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagickcore5-extra", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagickwand-dev", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libmagickwand5", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"perlmagick", ver:"8:6.7.7.10-5+deb7u2", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Ubuntu 12.10 / 13.04 : imagemagick vulnerability (USN-1949-1)
2013-09-11 00:00:00
ImageMagick < 6.7.8-8 gif.c Memory Corruption
2013-11-04 00:00:00
Debian DSA-2750-1 : imagemagick - buffer overflow
2013-09-05 00:00:00
kaspersky
kaspersky
KLA10218 DoS vulnerability in ImageMagick
2013-09-10 00:00:00
prion
prion
Memory corruption
2013-09-10 19:55:00
ubuntu
ubuntu
ImageMagick vulnerability
2013-09-10 00:00:00
debian
debian
[SECURITY] [DSA 2750-1] imagemagick security update
2013-09-03 20:17:31
securityvulns
securityvulns
[SECURITY] [DSA 2750-1] imagemagick security update
2013-09-09 00:00:00
imagemagic buffer overflow
2013-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-4298
2013-09-03 00:00:00
checkpoint_advisories
checkpoint_advisories
openvas
openvas
Ubuntu Update for imagemagick USN-1949-1
2013-09-12 00:00:00
Debian Security Advisory DSA 2750-1 (imagemagick - buffer overflow)
2013-09-03 00:00:00
Ubuntu: Security Advisory (USN-1949-1)
2013-09-12 00:00:00
cve
cve
CVE-2013-4298
2013-09-10 19:55:00
debiancve
debiancve
CVE-2013-4298
2013-09-10 19:55:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2014-05-17 00:00:00
8.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.041 Low
EPSS
Percentile
92.1%
Related for OPENVAS:1361412562310702750