Lucene search
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_11_1_GRAPHICSMAGICK-090609.NASLHistoryJul 21, 2009 - 12:00 a.m.
openSUSE Security Update : GraphicsMagick (GraphicsMagick-988)
2009-07-2100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
15
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.055
Percentile
93.2%
This update of GraphicsMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update GraphicsMagick-988.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(40164);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-1882");
script_name(english:"openSUSE Security Update : GraphicsMagick (GraphicsMagick-988)");
script_summary(english:"Check for the GraphicsMagick-988 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update of GraphicsMagick fixes an integer overflow in the
XMakeImage() function that allowed remote attackers to cause a
denial-of-service and possibly the execution of arbitrary code via a
crafted TIFF file. (CVE-2009-1882)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=507728"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected GraphicsMagick packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
script_set_attribute(attribute:"patch_publication_date", value:"2009/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.1", reference:"GraphicsMagick-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"GraphicsMagick-devel-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libGraphicsMagick++-devel-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libGraphicsMagick++2-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libGraphicsMagick2-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libGraphicsMagickWand1-1.2.5-4.25.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"perl-GraphicsMagick-1.2.5-4.25.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | graphicsmagick | p-cpe:/a:novell:opensuse:graphicsmagick |
| novell | opensuse | graphicsmagick-devel | p-cpe:/a:novell:opensuse:graphicsmagick-devel |
| novell | opensuse | libgraphicsmagick%2b%2b-devel | p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel |
| novell | opensuse | libgraphicsmagick%2b%2b2 | p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b2 |
| novell | opensuse | libgraphicsmagick2 | p-cpe:/a:novell:opensuse:libgraphicsmagick2 |
| novell | opensuse | libgraphicsmagickwand1 | p-cpe:/a:novell:opensuse:libgraphicsmagickwand1 |
| novell | opensuse | perl-graphicsmagick | p-cpe:/a:novell:opensuse:perl-graphicsmagick |
| novell | opensuse | 11.1 | cpe:/o:novell:opensuse:11.1 |
Related
nessus
nessus
CentOS 4 : ImageMagick (CESA-2010:0653)
2010-08-26 00:00:00
ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
2009-05-29 00:00:00
Fedora 12 : GraphicsMagick-1.3.7-4.fc12 (2010-0036)
2010-07-01 00:00:00
openvas
openvas
CentOS Update for ImageMagick CESA-2010:0653 centos4 i386
2010-08-30 00:00:00
Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick)
2009-10-13 00:00:00
SLES11: Security update for ImageMagick
2009-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: GraphicsMagick-1.3.7-4.fc12
2010-01-12 20:38:34
[SECURITY] Fedora 11 Update: ImageMagick-6.5.1.2-2.fc11
2010-01-07 21:51:05
[SECURITY] Fedora 11 Update: GraphicsMagick-1.3.7-4.fc11
2010-01-12 20:48:55
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2010-08-25 00:00:00
ImageMagick security update
2010-08-25 00:00:00
ImageMagick security and bug fix update
2012-03-01 00:00:00
prion
prion
Integer overflow
2009-06-02 15:30:00
centos
centos
ImageMagick security update
2010-08-25 17:20:42
ImageMagick security update
2010-08-25 17:23:04
ubuntu
ubuntu
ImageMagick vulnerability
2009-06-08 00:00:00
redhat
redhat
(RHSA-2010:0653) Moderate: ImageMagick security update
2010-08-25 00:00:00
(RHSA-2010:0652) Moderate: ImageMagick security and bug fix update
2010-08-25 00:00:00
cvelist
cvelist
CVE-2009-1882
2009-06-02 15:00:00
securityvulns
securityvulns
ImageMagick integer overflow
2009-06-09 00:00:00
[USN-784-1] ImageMagick vulnerability
2009-06-09 00:00:00
gentoo
gentoo
ImageMagick: User-assisted execution of arbitrary code
2010-06-01 00:00:00
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00
nvd
nvd
CVE-2009-1882
2009-06-02 15:30:00
cve
cve
CVE-2009-1882
2009-06-02 15:30:00
ubuntucve
ubuntucve
CVE-2009-1882
2009-06-02 00:00:00
debiancve
debiancve
CVE-2009-1882
2009-06-02 15:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:34
debian
debian
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.055
Percentile
93.2%
Related for SUSE_11_1_GRAPHICSMAGICK-090609.NASL