
Test ID: 1.3.6.1.4.1.25623.1.0.56259
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0178
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0178.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's display
command. It is possible to execute arbitrary commands by tricking a user
into running display on a file with a specially crafted name. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles
filenames. It may be possible to execute arbitrary commands by tricking a
user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0178.html

Risk factor : High

CVSS Score:
7.5

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-4601
BugTraq ID: 16093
http://www.securityfocus.com/bid/16093
Bugtraq: 20061127 rPSA-2006-0218-1 ImageMagick
http://www.securityfocus.com/archive/1/452718/100/100/threaded
Debian Security Information: DSA-957
http://www.debian.org/security/2006/dsa-957
http://www.mandriva.com/security/advisories?name=MDKSA-2006:024
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238
http://www.osvdb.org/22121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10353
RedHat Security Advisories: RHSA-2006:0178
http://rhn.redhat.com/errata/RHSA-2006-0178.html
http://secunia.com/advisories/18261
http://secunia.com/advisories/18607
http://secunia.com/advisories/18631
http://secunia.com/advisories/18871
http://secunia.com/advisories/19183
http://secunia.com/advisories/19408
http://secunia.com/advisories/23090
http://secunia.com/advisories/28800
SGI Security Advisory: 20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
SuSE Security Announcement: SUSE-SR:2006:006
http://www.novell.com/linux/security/advisories/2006_06_sr.html
http://www.ubuntu.com/usn/usn-246-1
http://www.vupen.com/english/advisories/2008/0412
XForce ISS Database: imagemagick-filename-command-injection(23927)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23927
Common Vulnerability Exposure (CVE) ID: CVE-2006-0082
BugTraq ID: 12717
http://www.securityfocus.com/bid/12717
Debian Security Information: DSA-1213
http://www.debian.org/security/2006/dsa-1213
http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10717
http://securitytracker.com/id?1015623
http://secunia.com/advisories/18851
http://secunia.com/advisories/19030
http://secunia.com/advisories/22998
http://securityreason.com/securityalert/500
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.