ID de Prueba:	1.3.6.1.4.1.25623.1.0.831673
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)
Resumen:	The remote host is missing an update for the 'imagemagick'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'imagemagick' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in imagemagick: Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory (CVE-2010-4167). A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247). A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248). The updated packages have been patched to correct these issues. Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: imagemagick on Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4167 42497 http://secunia.com/advisories/42497 42744 http://secunia.com/advisories/42744 45044 http://www.securityfocus.com/bid/45044 48100 http://secunia.com/advisories/48100 49063 http://secunia.com/advisories/49063 ADV-2010-3150 http://www.vupen.com/english/advisories/2010/3150 ADV-2010-3322 http://www.vupen.com/english/advisories/2010/3322 FEDORA-2010-19025 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.html FEDORA-2010-19056 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052599.html RHSA-2012:0544 http://rhn.redhat.com/errata/RHSA-2012-0544.html USN-1028-1 http://www.ubuntu.com/usn/USN-1028-1 [oss-security] 20101112 CVE request: ImageMagick opens config files in $CWD http://www.openwall.com/lists/oss-security/2010/11/13/1 [oss-security] 20101115 Re: CVE request: ImageMagick opens config files in $CWD http://www.openwall.com/lists/oss-security/2010/11/15/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824 http://www.imagemagick.org/script/changelog.php https://bugzilla.redhat.com/show_bug.cgi?id=652860 Common Vulnerability Exposure (CVE) ID: CVE-2012-0247 Debian Security Information: DSA-2427 (Google Search) http://www.debian.org/security/2012/dsa-2427 http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.osvdb.org/79003 RedHat Security Advisories: RHSA-2012:0544 RedHat Security Advisories: RHSA-2012:0545 http://rhn.redhat.com/errata/RHSA-2012-0545.html http://www.securitytracker.com/id?1027032 http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0248 BugTraq ID: 51957 http://www.securityfocus.com/bid/51957 Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 47926 48974 http://secunia.com/advisories/48974 49043 49317 http://secunia.com/advisories/49317 51957 80556 http://www.osvdb.org/80556 DSA-2462 http://www.debian.org/security/2012/dsa-2462 USN-1435-1 [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 openSUSE-SU-2012:0692 http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0259 BugTraq ID: 52898 http://www.securityfocus.com/bid/52898 Debian Security Information: DSA-2462 (Google Search) http://www.cert.fi/en/reports/2012/vulnerability635606.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 http://www.osvdb.org/81021 http://secunia.com/advisories/48679 http://secunia.com/advisories/55035 SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search) XForce ISS Database: imagemagick-jpegexif-dos(74657) https://exchange.xforce.ibmcloud.com/vulnerabilities/74657 Common Vulnerability Exposure (CVE) ID: CVE-2012-0260 http://www.osvdb.org/81022 http://secunia.com/advisories/57224 http://www.ubuntu.com/usn/USN-2132-1 XForce ISS Database: imagemagick-jpegwarninghandler-dos(74658) https://exchange.xforce.ibmcloud.com/vulnerabilities/74658 Common Vulnerability Exposure (CVE) ID: CVE-2012-1798 http://www.osvdb.org/81023 XForce ISS Database: imagemagick-tiffexififd-dos(74659) https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.