Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:636

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51054

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:636

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:636.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CVE-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-636.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0981
BugTraq ID: 11548
http://www.securityfocus.org/bid/11548
http://security.gentoo.org/glsa/glsa-200411-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10472
http://secunia.com/advisories/12995/
https://www.ubuntu.com/usn/usn-7-1/
XForce ISS Database: imagemagick-exif-image-bo(17903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17903
Common Vulnerability Exposure (CVE) ID: CVE-2004-0827
Debian Security Information: DSA-547 (Google Search)
http://www.debian.org/security/2004/dsa-547
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11123
http://www.redhat.com/support/errata/RHSA-2004-480.html
http://www.redhat.com/support/errata/RHSA-2004-494.html
http://secunia.com/advisories/28800
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
http://www.vupen.com/english/advisories/2008/0412
XForce ISS Database: imagemagick-bmp-Bo(17173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17173

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51054
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:636
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:636. ImageMagick(TM) is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to this issue. David Eisenstein has reported that our previous fix for CVE-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-636.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0981 BugTraq ID: 11548 http://www.securityfocus.org/bid/11548 http://security.gentoo.org/glsa/glsa-200411-11.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10472 http://secunia.com/advisories/12995/ https://www.ubuntu.com/usn/usn-7-1/ XForce ISS Database: imagemagick-exif-image-bo(17903) https://exchange.xforce.ibmcloud.com/vulnerabilities/17903 Common Vulnerability Exposure (CVE) ID: CVE-2004-0827 Debian Security Information: DSA-547 (Google Search) http://www.debian.org/security/2004/dsa-547 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11123 http://www.redhat.com/support/errata/RHSA-2004-480.html http://www.redhat.com/support/errata/RHSA-2004-494.html http://secunia.com/advisories/28800 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 http://www.vupen.com/english/advisories/2008/0412 XForce ISS Database: imagemagick-bmp-Bo(17173) https://exchange.xforce.ibmcloud.com/vulnerabilities/17173
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com