Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:070

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51903

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:070

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:070.

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser. It is possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0762 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches, and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-070.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0005
Bugtraq: 20050118 [USN-62-1] imagemagick vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110608222117215&w=2
Debian Security Information: DSA-646 (Google Search)
http://www.debian.org/security/2005/dsa-646
http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925
http://www.redhat.com/support/errata/RHSA-2005-070.html
http://www.redhat.com/support/errata/RHSA-2005-071.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0397
20050303 [USN-90-1] Imagemagick vulnerability
http://marc.info/?l=bugtraq&m=110987256010857&w=2
DSA-702
http://www.debian.org/security/2005/dsa-702
GLSA-200503-11
http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml
RHSA-2005:070
RHSA-2005:320
http://www.redhat.com/support/errata/RHSA-2005-320.html
SUSE-SA:2005:017
http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html
http://bugs.gentoo.org/show_bug.cgi?id=83542
imagemagick-filename-format-string(19586)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19586
oval:org.mitre.oval:def:10302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10302
Common Vulnerability Exposure (CVE) ID: CVE-2005-0759
1013550
http://securitytracker.com/id?1013550
12875
http://www.securityfocus.com/bid/12875
https://rhn.redhat.com/errata/RHSA-2005-070.html
oval:org.mitre.oval:def:11022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11022
Common Vulnerability Exposure (CVE) ID: CVE-2005-0760
oval:org.mitre.oval:def:11184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184
Common Vulnerability Exposure (CVE) ID: CVE-2005-0761
12876
http://www.securityfocus.com/bid/12876
http://rhn.redhat.com/errata/RHSA-2005-070.html
oval:org.mitre.oval:def:11150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11150
Common Vulnerability Exposure (CVE) ID: CVE-2005-0762
oval:org.mitre.oval:def:9736
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9736

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51903
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:070
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:070. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0397 to this issue. A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0759 to this issue. A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0760 to this issue. A bug was found in the way ImageMagick parses PSD files. It is possible that a specially crafted PSD file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0761 to this issue. A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0762 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-070.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0005 Bugtraq: 20050118 [USN-62-1] imagemagick vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110608222117215&w=2 Debian Security Information: DSA-646 (Google Search) http://www.debian.org/security/2005/dsa-646 http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925 http://www.redhat.com/support/errata/RHSA-2005-070.html http://www.redhat.com/support/errata/RHSA-2005-071.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0397 20050303 [USN-90-1] Imagemagick vulnerability http://marc.info/?l=bugtraq&m=110987256010857&w=2 DSA-702 http://www.debian.org/security/2005/dsa-702 GLSA-200503-11 http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml RHSA-2005:070 RHSA-2005:320 http://www.redhat.com/support/errata/RHSA-2005-320.html SUSE-SA:2005:017 http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html http://bugs.gentoo.org/show_bug.cgi?id=83542 imagemagick-filename-format-string(19586) https://exchange.xforce.ibmcloud.com/vulnerabilities/19586 oval:org.mitre.oval:def:10302 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10302 Common Vulnerability Exposure (CVE) ID: CVE-2005-0759 1013550 http://securitytracker.com/id?1013550 12875 http://www.securityfocus.com/bid/12875 https://rhn.redhat.com/errata/RHSA-2005-070.html oval:org.mitre.oval:def:11022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11022 Common Vulnerability Exposure (CVE) ID: CVE-2005-0760 oval:org.mitre.oval:def:11184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184 Common Vulnerability Exposure (CVE) ID: CVE-2005-0761 12876 http://www.securityfocus.com/bid/12876 http://rhn.redhat.com/errata/RHSA-2005-070.html oval:org.mitre.oval:def:11150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11150 Common Vulnerability Exposure (CVE) ID: CVE-2005-0762 oval:org.mitre.oval:def:9736 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9736
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com