Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:1361412562310830431HistoryApr 09, 2009 - 12:00 a.m.
Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
2009-04-0900:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
9
0.043 Low
EPSS
Percentile
91.4%
Check for the Version of ImageMagick
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "A heap-based buffer overflow vulnerability was found in how ImageMagick
parsed XCF files. If ImageMagick opened a specially-crafted XCF
file, it could be made to overwrite heap memory beyond the bounds
of its allocated memory, potentially allowing an attacker to execute
arbitrary code on the system running ImageMagick (CVE-2008-1096).
Another heap-based buffer overflow vulnerability was found in how
ImageMagick processed certain malformed PCX images. If ImageMagick
opened a specially-crafted PCX image file, an attacker could
possibly execute arbitrary code on the system running ImageMagick
(CVE-2008-1097).
The updated packages have been patched to correct these issues.";
tag_affected = "ImageMagick on Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64,
Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2008-05/msg00009.php");
script_oid("1.3.6.1.4.1.25623.1.0.830431");
script_version("$Revision: 9370 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2008:099");
script_cve_id("CVE-2008-1096", "CVE-2008-1097");
script_name( "Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)");
script_tag(name:"summary", value:"Check for the Version of ImageMagick");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2007.1")
{
if ((res = isrpmvuln(pkg:"ImageMagick", rpm:"ImageMagick~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"ImageMagick-desktop", rpm:"ImageMagick-desktop~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"ImageMagick-doc", rpm:"ImageMagick-doc~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libMagick10.7.0", rpm:"libMagick10.7.0~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libMagick10.7.0-devel", rpm:"libMagick10.7.0-devel~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perl-Image-Magick", rpm:"perl-Image-Magick~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64Magick10.7.0", rpm:"lib64Magick10.7.0~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64Magick10.7.0-devel", rpm:"lib64Magick10.7.0-devel~6.3.2.9~5.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2008.0")
{
if ((res = isrpmvuln(pkg:"imagemagick", rpm:"imagemagick~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"imagemagick-desktop", rpm:"imagemagick-desktop~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"imagemagick-doc", rpm:"imagemagick-doc~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libmagick10.7.0", rpm:"libmagick10.7.0~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libmagick10.7.0-devel", rpm:"libmagick10.7.0-devel~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perl-Image-Magick", rpm:"perl-Image-Magick~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64magick10.7.0", rpm:"lib64magick10.7.0~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64magick10.7.0-devel", rpm:"lib64magick10.7.0-devel~6.3.2.9~10.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
nessus
nessus
openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5276)
2008-07-02 00:00:00
Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)
2009-04-23 00:00:00
openSUSE 10 Security Update : ImageMagick (ImageMagick-5277)
2008-07-02 00:00:00
openvas
openvas
Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
2009-04-09 00:00:00
Ubuntu Update for imagemagick vulnerability USN-681-1
2009-03-23 00:00:00
Oracle: Security Advisory (ELSA-2012-0301)
2015-10-06 00:00:00
seebug
seebug
ImageMagick XCFεPCXζδ»Άε€ηε ζΊ’εΊζΌζ΄
2008-04-19 00:00:00
prion
prion
Heap overflow
2008-03-05 20:44:00
Heap overflow
2008-03-05 20:44:00
debiancve
debiancve
CVE-2008-1096
2008-03-05 20:44:00
CVE-2008-1097
2008-03-05 20:44:00
cve
cve
CVE-2008-1096
2008-03-05 20:44:00
CVE-2008-1097
2008-03-05 20:44:00
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2012-03-01 00:00:00
ImageMagick security update
2008-04-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:13
Arbitrary Code Execution
2020-04-10 00:20:13
ubuntucve
ubuntucve
CVE-2008-1096
2008-03-05 00:00:00
CVE-2008-1097
2008-03-05 00:00:00
ubuntu
ubuntu
ImageMagick vulnerability
2008-12-01 00:00:00
centos
centos
ImageMagick security update
2008-04-17 15:52:20
ImageMagick security update
2008-04-18 00:17:42
redhat
redhat
(RHSA-2008:0145) Moderate: ImageMagick security update
2008-04-16 00:00:00
(RHSA-2008:0165) Moderate: ImageMagick security update
2008-04-16 00:00:00
debian
debian
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00
gentoo
gentoo
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00