
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
imagemagick
debian
gentoo
suse
critical
nessus

Summary

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-7-1.NASL
    description: A buffer overflow in imagemagick
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20690
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20690
    title: Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-7-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration: metadata only, the engine runs this branch when it
    # enumerates plugins and exits before any host checks are performed.
    if (description)
    {
      script_id(20690);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2004-0981");
      script_xref(name:"USN", value:"7-1");
    
      script_name(english:"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A buffer overflow in imagemagick's EXIF parsing routine has been
    discovered in imagemagick versions prior to 6.1.0. Trying to query
    EXIF information of a malicious image file might result in execution
    of arbitrary code with the user's privileges.
    
    Since imagemagick can be used in custom printing systems, this also
    might lead to privilege escalation (execute code with the printer
    spooler's privileges). However, Ubuntu's standard printing system does
    not use imagemagick, thus there is no risk of privilege escalation in
    a standard installation.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
    
      # One CPE per affected binary package, plus the platform CPE last.
      foreach cpe (make_list(
        "p-cpe:/a:canonical:ubuntu_linux:imagemagick",
        "p-cpe:/a:canonical:ubuntu_linux:libmagick++6",
        "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev",
        "p-cpe:/a:canonical:ubuntu_linux:libmagick6",
        "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev",
        "p-cpe:/a:canonical:ubuntu_linux:perlmagick",
        "cpe:/o:canonical:ubuntu_linux:4.10"))
      {
        script_set_attribute(attribute:"cpe", value:cpe);
      }
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Needs the SSH-collected dpkg listing and release/arch facts in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions: each audit() call terminates the plugin with the matching
    # "not applicable" result, so only an Ubuntu 4.10 x86/x86_64 host with a
    # dpkg package list reaches the version comparison below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (!ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Every package built from the imagemagick source was fixed in the same
    # upload, so a single fixed version applies to all of them.
    fixed_ver = "6.0.2.5-1ubuntu1.1";
    affected_pkgs = make_list(
      "imagemagick",
      "libmagick++6",
      "libmagick++6-dev",
      "libmagick6",
      "libmagick6-dev",
      "perlmagick"
    );
    
    # ubuntu_check() returns true when the installed package is older than
    # fixed_ver; it also records the comparison for ubuntu_report_get().
    vuln_count = 0;
    foreach pkg (affected_pkgs)
    {
      if (ubuntu_check(osver:"4.10", pkgname:pkg, pkgver:fixed_ver)) vuln_count++;
    }
    
    if (!vuln_count)
    {
      # Nothing outdated: distinguish "checked and patched" from "not installed".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc");
      exit(0);
    }
    
    # At least one affected package is below the fixed version: report it,
    # with the per-package details gathered by ubuntu_check().
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : ubuntu_report_get()
    );
    exit(0);
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-593.NASL
    description: A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15728
    published: 2004-11-17
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15728
    title: Debian DSA-593-1 : imagemagick - buffer overflow
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-10-1.NASL
    description: Several buffer overflows have been discovered in libxml2
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20485
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20485
    title: Ubuntu 4.10 : XML library vulnerabilities (USN-10-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_EEB1C12833E711D9A9E70001020EED82.NASL
    description: There exists a buffer overflow vulnerability in ImageMagick
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37043
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37043
    title: FreeBSD : ImageMagick -- EXIF parser buffer overflow (eeb1c128-33e7-11d9-a9e7-0001020eed82)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_IMAGEMAGICK_613.NASL
    description: The following package needs to be updated: ImageMagick
    last seen: 2016-09-26
    modified: 2011-10-03
    plugin id: 15795
    published: 2004-11-23
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=15795
    title: FreeBSD : ImageMagick -- EXIF parser buffer overflow (3)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-143.NASL
    description: A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15916
    published: 2004-12-07
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15916
    title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200411-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200411-11 (ImageMagick: EXIF buffer overflow). ImageMagick fails to do proper bounds checking when handling image files with EXIF information. Impact: An attacker could use an image file with specially crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15645
    published: 2004-11-07
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15645
    title: GLSA-200411-11 : ImageMagick: EXIF buffer overflow
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-636.NASL
    description: Updated ImageMagick packages that fix a buffer overflow are now available. ImageMagick(TM) is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to this issue. David Eisenstein has reported that our previous fix for CVE-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15946
    published: 2004-12-13
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15946
    title: RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)

Oval

accepted: 2013-04-29T04:05:57.619-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
family: unix
id: oval:org.mitre.oval:def:10472
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
version: 26

Redhat

rpms
  • ImageMagick-0:5.5.6-7
  • ImageMagick-c++-0:5.5.6-7
  • ImageMagick-c++-devel-0:5.5.6-7
  • ImageMagick-debuginfo-0:5.5.6-7
  • ImageMagick-devel-0:5.5.6-7
  • ImageMagick-perl-0:5.5.6-7