CVE-2004-0981
CVSS v2 base metrics (vector AV:N/AC:L/Au:N/C:C/I:C/A:C, as set in the Nessus plugin below):
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required (authentication): NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
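The summary and the vendor advisories on this page describe the flaw only as a boundary error in the EXIF parsing routine; the specific check ImageMagick got wrong is not given here. The following is an added example, not ImageMagick's code and not a reproduction of the actual bug: a C walk over the first IFD of an Exif APP1 payload written the way a hardened parser should be. Every offset and length that comes from the file is checked against the buffer length before it is used, the entry-count and count-times-element-size products are computed in wider integers so they cannot wrap, and both byte orders are handled. The function and type names (exif_walk_ifd0, exif_status, exif_entry_count, the EXIF_* status codes) are this example's own, and the sample blobs are constructed for it.

```c
/* Bounds-checked walk of IFD0 in an Exif APP1 payload.  Added example for this page:
 * NOT ImageMagick's parser, and not a reproduction of the CVE-2004-0981 bug itself. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum exif_status { EXIF_OK = 0, EXIF_ERR_HEADER, EXIF_ERR_BOUNDS, EXIF_ERR_TYPE };

/* Element size of TIFF field types 1..12 (BYTE, ASCII, SHORT, LONG, RATIONAL,
 * SBYTE, UNDEFINED, SSHORT, SLONG, SRATIONAL, FLOAT, DOUBLE); index 0 unused. */
static const size_t TYPE_SIZE[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

static uint16_t rd16(const uint8_t *p, int be)
{ return be ? (uint16_t)((p[0] << 8) | p[1]) : (uint16_t)((p[1] << 8) | p[0]); }

static uint32_t rd32(const uint8_t *p, int be)
{ return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
            : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0]; }

/* Validate every file-derived offset and length in IFD0 against the buffer
 * length before it is used.  On success *n_out receives the entry count.  No
 * value data is copied here; a real decoder copies only after these checks pass. */
int exif_walk_ifd0(const uint8_t *buf, size_t len, unsigned *n_out)
{
    if (len < 6 + 8 || memcmp(buf, "Exif\0\0", 6) != 0) return EXIF_ERR_HEADER;
    const uint8_t *tiff = buf + 6;      /* every TIFF offset is relative to here */
    size_t tlen = len - 6;
    int be;
    if (memcmp(tiff, "MM", 2) == 0) be = 1;
    else if (memcmp(tiff, "II", 2) == 0) be = 0;
    else return EXIF_ERR_HEADER;
    if (rd16(tiff + 2, be) != 42) return EXIF_ERR_HEADER;

    /* IFD0 offset must land inside the payload with room for the 2-byte count. */
    uint32_t ifd = rd32(tiff + 4, be);
    if (ifd < 8 || ifd > tlen || tlen - ifd < 2) return EXIF_ERR_BOUNDS;

    /* n entries of 12 bytes plus the 4-byte next-IFD link must fit; size_t
     * arithmetic so the product of a 16-bit count cannot wrap. */
    uint16_t n = rd16(tiff + ifd, be);
    size_t need = (size_t)n * 12 + 4;
    if (tlen - ifd - 2 < need) return EXIF_ERR_BOUNDS;

    const uint8_t *e = tiff + ifd + 2;
    for (unsigned i = 0; i < n; i++, e += 12) {
        uint16_t type  = rd16(e + 2, be);
        uint32_t count = rd32(e + 4, be);
        if (type == 0 || type > 12) return EXIF_ERR_TYPE;
        /* count * element size in 64 bits: a 32-bit count times 8 overflows 32. */
        uint64_t bytes = (uint64_t)count * TYPE_SIZE[type];
        if (bytes > 4) {                /* value is out of line; field is an offset */
            uint32_t off = rd32(e + 8, be);
            if (off > tlen || bytes > tlen - off) return EXIF_ERR_BOUNDS;
        }                               /* else the value sits inline in the entry */
    }
    *n_out = n;
    return EXIF_OK;
}

int exif_status(const uint8_t *b, size_t len) { unsigned n = 0; return exif_walk_ifd0(b, len, &n); }
int exif_entry_count(const uint8_t *b, size_t len)  /* -1 on any error */
{ unsigned n = 0; return exif_walk_ifd0(b, len, &n) == EXIF_OK ? (int)n : -1; }

/* Constructed sample: big-endian, well-formed; Make (8 bytes) out of line at
 * offset 50, Model and Orientation inline. */
static const uint8_t GOOD_BE[] = {
    'E','x','i','f',0,0, 'M','M',0x00,0x2A,0x00,0x00,0x00,0x08, 0x00,0x03,
    0x01,0x0F,0x00,0x02,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x32,
    0x01,0x10,0x00,0x02,0x00,0x00,0x00,0x04,'A','B','C',0,
    0x01,0x12,0x00,0x03,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,
    0x00,0x00,0x00,0x00, 'E','x','a','m','p','l','e',0 };

/* Constructed sample: little-endian; Make's count is 0x100 but only 8 bytes
 * follow its offset, so an unchecked copy would read 248 bytes past the buffer. */
static const uint8_t BAD_COUNT_LE[] = {
    'E','x','i','f',0,0, 'I','I',0x2A,0x00,0x08,0x00,0x00,0x00, 0x03,0x00,
    0x0F,0x01,0x02,0x00,0x00,0x01,0x00,0x00,0x32,0x00,0x00,0x00,
    0x10,0x01,0x02,0x00,0x04,0x00,0x00,0x00,'A','B','C',0,
    0x12,0x01,0x03,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 'E','x','a','m','p','l','e',0 };

/* Constructed sample: IFD0 offset 0x1000 in an 8-byte TIFF payload. */
static const uint8_t BAD_IFD_OFFSET[] = { 'E','x','i','f',0,0, 'M','M',0x00,0x2A,0x00,0x00,0x10,0x00 };

/* Constructed sample: entry count 0xFFFF with only 4 bytes behind it. */
static const uint8_t BAD_ENTRY_COUNT[] = {
    'E','x','i','f',0,0, 'M','M',0x00,0x2A,0x00,0x00,0x00,0x08, 0xFF,0xFF, 0,0,0,0 };

int main(void)
{
    printf("good: status %d, %d entries\n", exif_status(GOOD_BE, sizeof GOOD_BE), exif_entry_count(GOOD_BE, sizeof GOOD_BE));
    printf("bad count: %d\n", exif_status(BAD_COUNT_LE, sizeof BAD_COUNT_LE));
    printf("bad ifd offset: %d\n", exif_status(BAD_IFD_OFFSET, sizeof BAD_IFD_OFFSET));
    printf("bad entry count: %d\n", exif_status(BAD_ENTRY_COUNT, sizeof BAD_ENTRY_COUNT));
    return 0;
}
```

The three malformed blobs are rejected with EXIF_ERR_BOUNDS before any value data is touched, while the well-formed one yields three entries. The three checks exercised here (IFD offset, entry count, out-of-line value extent) are what a reviewer looks for in any TIFF/EXIF reader, since a crafted count or offset is what "a specially crafted graphic image" means in the advisories below.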
Vulnerable Configurations
Nessus
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-7-1.NASL
description: A buffer overflow in imagemagick
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20690
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20690
title: Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-7-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20690);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2004-0981");
  script_xref(name:"USN", value:"7-1");

  script_name(english:"Ubuntu 4.10 : imagemagick vulnerability (USN-7-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A buffer overflow in imagemagick's EXIF parsing routine has been
discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF
information of a malicious image file might result in execution of
arbitrary code with the user's privileges.

Since imagemagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use imagemagick, thus there is no risk of privilege escalation in a
standard installation.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"imagemagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick++6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libmagick6-dev", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"perlmagick", pkgver:"6.0.2.5-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++6 / libmagick++6-dev / libmagick6 / etc");
}
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-593.NASL
description: A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could lead to the execution of arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15728
published: 2004-11-17
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15728
title: Debian DSA-593-1 : imagemagick - buffer overflow

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-10-1.NASL
description: Several buffer overflows have been discovered in libxml2
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20485
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20485
title: Ubuntu 4.10 : XML library vulnerabilities (USN-10-1)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_EEB1C12833E711D9A9E70001020EED82.NASL
description: There exists a buffer overflow vulnerability in ImageMagick
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 37043
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/37043
title: FreeBSD : ImageMagick -- EXIF parser buffer overflow (eeb1c128-33e7-11d9-a9e7-0001020eed82)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_IMAGEMAGICK_613.NASL
description: The following package needs to be updated: ImageMagick
last seen: 2016-09-26
modified: 2011-10-03
plugin id: 15795
published: 2004-11-23
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=15795
title: FreeBSD : ImageMagick -- EXIF parser buffer overflow (3)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2004-143.NASL
description: A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this problem.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15916
published: 2004-12-07
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15916
title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2004:143)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200411-11.NASL
description: The remote host is affected by the vulnerability described in GLSA-200411-11 (ImageMagick: EXIF buffer overflow). ImageMagick fails to do proper bounds checking when handling image files with EXIF information. Impact: An attacker could use an image file with specially crafted EXIF information to cause arbitrary code execution with the permissions of the user running ImageMagick. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15645
published: 2004-11-07
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/15645
title: GLSA-200411-11 : ImageMagick: EXIF buffer overflow

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2004-636.NASL
description: Updated ImageMagick packages that fix a buffer overflow are now available. ImageMagick(TM) is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0981 to this issue. David Eisenstein has reported that our previous fix for CVE-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15946
published: 2004-12-13
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/15946
title: RHEL 2.1 / 3 : ImageMagick (RHSA-2004:636)
Oval
accepted: 2013-04-29T04:05:57.619-04:00
class: vulnerability
contributors:
definition_extensions:
description: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
family: unix
id: oval:org.mitre.oval:def:10472
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
version: 26
Redhat
rpms:
References
- http://secunia.com/advisories/12995/
- http://security.gentoo.org/glsa/glsa-200411-11.xml
- http://www.imagemagick.org/www/Changelog.html
- http://www.securityfocus.org/bid/11548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17903
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10472
- https://www.ubuntu.com/usn/usn-7-1/