 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.53749 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-702-1) |
| Summary: | The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DSA-702-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DSA-702-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-0397 Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code. CAN-2005-0759 Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image. CAN-2005-0760 Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault. CAN-2005-0762 Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file. For the stable distribution (woody) these problems have been fixed in version 5.4.4.5-1woody6. For the unstable distribution (sid) these problems have been fixed in version 6.0.6.2-2.2. We recommend that you upgrade your imagemagick package. Affected Software/OS: 'imagemagick' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0397 20050303 [USN-90-1] Imagemagick vulnerability http://marc.info/?l=bugtraq&m=110987256010857&w=2 DSA-702 http://www.debian.org/security/2005/dsa-702 GLSA-200503-11 http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml RHSA-2005:070 http://www.redhat.com/support/errata/RHSA-2005-070.html RHSA-2005:320 http://www.redhat.com/support/errata/RHSA-2005-320.html SUSE-SA:2005:017 http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html http://bugs.gentoo.org/show_bug.cgi?id=83542 imagemagick-filename-format-string(19586) https://exchange.xforce.ibmcloud.com/vulnerabilities/19586 oval:org.mitre.oval:def:10302 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10302 Common Vulnerability Exposure (CVE) ID: CVE-2005-0759 1013550 http://securitytracker.com/id?1013550 12875 http://www.securityfocus.com/bid/12875 https://rhn.redhat.com/errata/RHSA-2005-070.html oval:org.mitre.oval:def:11022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11022 Common Vulnerability Exposure (CVE) ID: CVE-2005-0760 oval:org.mitre.oval:def:11184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184 Common Vulnerability Exposure (CVE) ID: CVE-2005-0762 http://rhn.redhat.com/errata/RHSA-2005-070.html oval:org.mitre.oval:def:9736 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9736 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |