Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:494

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51151

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:494

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:494.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A heap overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted BMP file in such a way that it
would cause ImageMagick to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0827 to this issue.

A temporary file handling bug has been found in ImageMagick's libmagick
library. A local user could overwrite or create files as a different user
if a program was linked with the vulnerable library. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2003-0455 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-494.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0455
Bugtraq: 20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick) (Google Search)
http://marc.info/?l=bugtraq&m=105786393628728&w=2
Debian Security Information: DSA-331 (Google Search)
http://www.debian.org/security/2003/dsa-331
http://www.redhat.com/support/errata/RHSA-2004-494.html
Common Vulnerability Exposure (CVE) ID: CVE-2004-0827
Debian Security Information: DSA-547 (Google Search)
http://www.debian.org/security/2004/dsa-547
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11123
http://www.redhat.com/support/errata/RHSA-2004-480.html
http://secunia.com/advisories/28800
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
http://www.vupen.com/english/advisories/2008/0412
XForce ISS Database: imagemagick-bmp-Bo(17173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17173

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51151
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:494
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:494. ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue. A temporary file handling bug has been found in ImageMagick's libmagick library. A local user could overwrite or create files as a different user if a program was linked with the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0455 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-494.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0455 Bugtraq: 20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick) (Google Search) http://marc.info/?l=bugtraq&m=105786393628728&w=2 Debian Security Information: DSA-331 (Google Search) http://www.debian.org/security/2003/dsa-331 http://www.redhat.com/support/errata/RHSA-2004-494.html Common Vulnerability Exposure (CVE) ID: CVE-2004-0827 Debian Security Information: DSA-547 (Google Search) http://www.debian.org/security/2004/dsa-547 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11123 http://www.redhat.com/support/errata/RHSA-2004-480.html http://secunia.com/advisories/28800 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 http://www.vupen.com/english/advisories/2008/0412 XForce ISS Database: imagemagick-bmp-Bo(17173) https://exchange.xforce.ibmcloud.com/vulnerabilities/17173
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com