Vulnerabilities > CVE-2005-4601 - Unspecified vulnerability in Imagemagick 6.2.4.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
imagemagick
nessus

Summary

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-045-03.NASL
    descriptionNew imagemagick packages are available for Slackware 10.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20914
    published2006-02-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20914
    titleSlackware 10.2 / current : imagemagick (SSA:2006-045-03)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-045-03. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20914);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2005-4601", "CVE-2006-0082");
      script_xref(name:"SSA", value:"2006-045-03");
    
      script_name(english:"Slackware 10.2 / current : imagemagick (SSA:2006-045-03)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New imagemagick packages are available for Slackware 10.2 and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cb5a66ee"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected imagemagick package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.2", pkgname:"imagemagick", pkgver:"6.2.3_3", pkgarch:"i486", pkgnum:"2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"imagemagick", pkgver:"6.2.6_1", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-957.NASL
    descriptionFlorian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the
    last seen2020-06-01
    modified2020-06-02
    plugin id22823
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22823
    titleDebian DSA-957-2 : imagemagick - missing shell meta sanitising
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-957. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22823);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2005-4601");
      script_bugtraq_id(16093);
      script_xref(name:"DSA", value:"957");
    
      script_name(english:"Debian DSA-957-2 : imagemagick - missing shell meta sanitising");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Florian Weimer discovered that delegate code in ImageMagick is
    vulnerable to shell command injection using specially crafted file
    names. This allows attackers to encode commands inside of graphic
    commands. With some user interaction, this is exploitable through Gnus
    and Thunderbird. This update filters out the '$' character as well,
    which was forgotten in the former update."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-957"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the imagemagick packages.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 5.4.4.5-1woody8.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 6.0.6.2-2.6."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"imagemagick", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick++5", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick++5-dev", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick5", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick5-dev", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.0", prefix:"perlmagick", reference:"5.4.4.5-1woody8")) flag++;
    if (deb_check(release:"3.1", prefix:"imagemagick", reference:"6.0.6.2-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick++6", reference:"6.0.6.2-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick++6-dev", reference:"6.0.6.2-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick6", reference:"6.0.6.2-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick6-dev", reference:"6.0.6.2-2.6")) flag++;
    if (deb_check(release:"3.1", prefix:"perlmagick", reference:"6.0.6.2-2.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1340.NASL
    descriptionMaintainance update fixing several security issues and bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27710
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27710
    titleFedora 7 : GraphicsMagick-1.1.8-2.fc7 (2007-1340)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-1340.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27710);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2005-4601", "CVE-2006-0082", "CVE-2006-4144", "CVE-2006-5456", "CVE-2007-1797");
      script_xref(name:"FEDORA", value:"2007-1340");
    
      script_name(english:"Fedora 7 : GraphicsMagick-1.1.8-2.fc7 (2007-1340)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Maintainance update fixing several security issues and bugs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-July/002982.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?626378b0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-1.1.8-2.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-c++-1.1.8-2.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-c++-devel-1.1.8-2.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-debuginfo-1.1.8-2.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-devel-1.1.8-2.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"GraphicsMagick-perl-1.1.8-2.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-024.NASL
    descriptionThe delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601) A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. (CVE-2006-0082) The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20818
    published2006-01-29
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20818
    titleMandrake Linux Security Advisory : ImageMagick (MDKSA-2006:024)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-246-1.NASL
    descriptionFlorian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be exploited to execute arbitrary commands with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id21054
    published2006-03-13
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21054
    titleUbuntu 4.10 / 5.04 / 5.10 : imagemagick vulnerabilities (USN-246-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0178.NASL
    descriptionUpdated ImageMagick packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A shell command injection flaw was found in ImageMagick
    last seen2020-06-01
    modified2020-06-02
    plugin id21888
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21888
    titleCentOS 3 / 4 : ImageMagick (CESA-2006:0178)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0178.NASL
    descriptionUpdated ImageMagick packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A shell command injection flaw was found in ImageMagick
    last seen2020-06-01
    modified2020-06-02
    plugin id20922
    published2006-02-15
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20922
    titleRHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2006:0178)

Oval

accepted2013-04-29T04:04:55.297-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
familyunix
idoval:org.mitre.oval:def:10353
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
version26

Redhat

advisories
rhsa
idRHSA-2006:0178
rpms
  • ImageMagick-0:5.5.6-18
  • ImageMagick-0:6.0.7.1-14
  • ImageMagick-c++-0:5.5.6-18
  • ImageMagick-c++-0:6.0.7.1-14
  • ImageMagick-c++-devel-0:5.5.6-18
  • ImageMagick-c++-devel-0:6.0.7.1-14
  • ImageMagick-debuginfo-0:5.5.6-18
  • ImageMagick-debuginfo-0:6.0.7.1-14
  • ImageMagick-devel-0:5.5.6-18
  • ImageMagick-devel-0:6.0.7.1-14
  • ImageMagick-perl-0:5.5.6-18
  • ImageMagick-perl-0:6.0.7.1-14