Vulnerabilities > CVE-2006-5868 - Remote Heap Buffer Overflow vulnerability in ImageMagick SGI Image File
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-223.NASL description Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24607 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24607 title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:223) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:223. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24607); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-4144", "CVE-2006-5868"); script_xref(name:"MDKSA", value:"2006:223"); script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:223)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Image-Magick"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-doc-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-devel-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"perl-Image-Magick-6.2.4.3-1.4.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-155.NASL description Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 23899 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23899 title Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:155) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-386-1.NASL description Daniel Kobras discovered multiple buffer overflows in ImageMagick last seen 2020-06-01 modified 2020-06-02 plugin id 27969 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27969 title Ubuntu 5.10 / 6.06 LTS : imagemagick vulnerability (USN-386-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1213.NASL description Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0082 Daniel Kobras discovered that Imagemagick is vulnerable to format string attacks in the filename parsing code. - CVE-2006-4144 Damian Put discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. - CVE-2006-5456 M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer overflows in the module for DCM and PALM images. - CVE-2006-5868 Daniel Kobras discovered that Imagemagick is vulnerable to buffer overflows in the module for SGI images. This update also addresses regressions in the XCF codec, which were introduced in the previous security update. last seen 2020-06-01 modified 2020-06-02 plugin id 23662 published 2006-11-20 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23662 title Debian DSA-1213-1 : imagemagick - several vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0015.NASL description Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 24357 published 2007-02-17 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24357 title CentOS 3 / 4 : ImageMagick (CESA-2007:0015) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0015.NASL description From Red Hat Security Advisory 2007:0015 : Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 67439 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67439 title Oracle Linux 3 / 4 : ImageMagick (ELSA-2007-0015) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-337-1.NASL description Damian Put discovered a buffer overflow in imagemagick last seen 2020-06-01 modified 2020-06-02 plugin id 27916 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27916 title Ubuntu 5.04 / 5.10 / 6.06 LTS : imagemagick vulnerability (USN-337-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_18E3A5BE81F911DB95A20012F06707F0.NASL description SecurityFocus reports about ImageMagick : ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library. last seen 2020-06-01 modified 2020-06-02 plugin id 23758 published 2006-12-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23758 title FreeBSD : ImageMagick -- SGI Image File heap overflow vulnerability (18e3a5be-81f9-11db-95a2-0012f06707f0) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0015.NASL description Updated ImageMagick packages that correct several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several security flaws were discovered in the way ImageMagick decodes DCM, PALM, and SGI graphic files. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 24363 published 2007-02-17 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24363 title RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2007:0015)
Oval
| accepted | 2013-04-29T04:07:05.758-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10612 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://secunia.com/advisories/22998
- http://secunia.com/advisories/23101
- http://secunia.com/advisories/23219
- http://secunia.com/advisories/24186
- http://secunia.com/advisories/24284
- http://www.debian.org/security/2006/dsa-1213
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:223
- http://www.redhat.com/support/errata/RHSA-2007-0015.html
- http://www.securityfocus.com/bid/21185
- http://www.ubuntu.com/usn/usn-386-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10612