Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-636.NASL
HistoryDec 13, 2004 - 12:00 a.m.

RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)

2004-12-1300:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.089

Percentile

94.6%

JSON

Updated ImageMagick packages that fixes a buffer overflow are now available.

ImageMagick™ is an image display and manipulation tool for the X Window System.

A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to this issue.

David Eisenstein has reported that our previous fix for CVE-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:636. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15946);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0827", "CVE-2004-0981");
  script_bugtraq_id(11548);
  script_xref(name:"RHSA", value:"2004:636");

  script_name(english:"RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated ImageMagick packages that fixes a buffer overflow are now
available.

ImageMagick(TM) is an image display and manipulation tool for the X
Window System.

A buffer overflow flaw was discovered in the ImageMagick image
handler. An attacker could create a carefully crafted image file with
an improper EXIF information in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0981 to this issue.

David Eisenstein has reported that our previous fix for CVE-2004-0827,
a heap overflow flaw, was incomplete. An attacker could create a
carefully crafted BMP file in such a way that it could cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0827 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0981"
  );
  # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:636"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:636";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-5.3.8-6")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-5.3.8-6")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-devel-5.3.8-6")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-devel-5.3.8-6")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-perl-5.3.8-6")) flag++;

  if (rpm_check(release:"RHEL3", reference:"ImageMagick-5.5.6-7")) flag++;
  if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-5.5.6-7")) flag++;
  if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-devel-5.5.6-7")) flag++;
  if (rpm_check(release:"RHEL3", reference:"ImageMagick-devel-5.5.6-7")) flag++;
  if (rpm_check(release:"RHEL3", reference:"ImageMagick-perl-5.5.6-7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
  }
}

Related

redhat 3
openvas 13
ubuntu 3
cvelist 2
nessus 13
cve 2
debiancve 2
freebsd 2
nvd 2
debian 4
veracode 1
osv 2
ubuntucve 2
gentoo 1
suse 1
redhat
redhat
(RHSA-2004:636) ImageMagick security update
2004-12-08 00:00:00
(RHSA-2004:480) ImageMagick security update
2004-10-20 00:00:00
(RHSA-2004:494) ImageMagick security update
2004-10-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 547-1 (imagemagic)
2008-01-17 00:00:00
Debian Security Advisory DSA 547-1 (imagemagic)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-35-1)
2022-08-26 00:00:00
ubuntu
ubuntu
imagemagick vulnerabilities
2004-12-01 00:00:00
imagemagick vulnerability
2004-10-27 00:00:00
XML library vulnerabilities
2004-10-30 00:00:00
cvelist
cvelist
CVE-2004-0827
2004-09-24 04:00:00
CVE-2004-0981
2004-11-19 05:00:00
nessus
nessus
Debian DSA-547-1 : imagemagick - buffer overflows
2004-09-29 00:00:00
Ubuntu 4.10 : imagemagick vulnerabilities (USN-35-1)
2006-01-15 00:00:00
Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)
2004-12-07 00:00:00
cve
cve
CVE-2004-0827
2004-09-24 04:00:00
CVE-2004-0981
2005-02-09 05:00:00
debiancve
debiancve
CVE-2004-0827
2004-09-24 04:00:00
CVE-2004-0981
2005-02-09 05:00:00
freebsd
freebsd
ImageMagick -- EXIF parser buffer overflow
2004-10-25 00:00:00
ImageMagick -- BMP decoder buffer overflow
2004-08-25 00:00:00
nvd
nvd
CVE-2004-0827
2004-09-16 04:00:00
CVE-2004-0981
2005-02-09 05:00:00
debian
debian
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows
2004-09-16 10:10:31
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution
2004-11-16 09:34:23
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows
2004-09-16 10:10:31
veracode
veracode
Denial Of Service (DoS)
2023-07-26 12:55:09
osv
osv
imagemagick - buffer overflows
2004-09-16 00:00:00
imagemagick - buffer overflow
2004-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2004-0827
2004-09-16 00:00:00
CVE-2004-0981
2005-02-09 00:00:00
gentoo
gentoo
ImageMagick: EXIF buffer overflow
2004-11-06 00:00:00
suse
suse
remote code execution in cups
2004-09-15 14:45:26

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.089

Percentile

94.6%

JSON
Related for REDHAT-RHSA-2004-636.NASL
redhat3openvas13ubuntu3cvelist2nessus13cve2debiancve2freebsd2nvd2debian4veracode1osv2ubuntucve2gentoo1suse1