Vulnerabilities > CVE-2007-0770

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.

Vulnerable Configurations

Part Description Count
Application
Graphicsmagick
1
Application
Imagemagick
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_IMAGEMAGICK-2592.NASL
    descriptionThis update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen2020-06-01
    modified2020-06-02
    plugin id29350
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29350
    titleSuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2592)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29350);
      script_version ("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-5456", "CVE-2007-0770");
    
      script_name(english:"SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2592)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a broken patch for CVE-2006-5456 and minor
    non-security issues. (CVE-2007-0770)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-5456.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0770.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2592.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"ImageMagick-6.2.5-16.17")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"ImageMagick-Magick++-6.2.5-16.17")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"ImageMagick-devel-6.2.5-16.17")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-041.NASL
    descriptionVladimir Nadvornik discovered a buffer overflow in GraphicsMagick and ImageMagick allows user-assisted attackers to cause a denial of service and possibly execute execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. This is related to an earlier fix for CVE-2006-5456 that did not fully correct the issue. Updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24654
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24654
    titleMandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:041. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24654);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2007-0770");
      script_bugtraq_id(20707);
      script_xref(name:"MDKSA", value:"2007:041");
    
      script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and
    ImageMagick allows user-assisted attackers to cause a denial of
    service and possibly execute execute arbitrary code via a PALM image
    that is not properly handled by the ReadPALMImage function in
    coders/palm.c.
    
    This is related to an earlier fix for CVE-2006-5456 that did not fully
    correct the issue.
    
    Updated packages have been patched to correct this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick10.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick10.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick10.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Image-Magick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"ImageMagick-doc-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"perl-Image-Magick-6.2.4.3-1.5.20060mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2007.0", reference:"ImageMagick-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"ImageMagick-doc-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libMagick10.4.0-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"perl-Image-Magick-6.2.9.2-1.2mdv2007.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GRAPHICSMAGICK-2593.NASL
    descriptionThis update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen2020-06-01
    modified2020-06-02
    plugin id27102
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27102
    titleopenSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-2593)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update GraphicsMagick-2593.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27102);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-5456", "CVE-2007-0770");
    
      script_name(english:"openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-2593)");
      script_summary(english:"Check for the GraphicsMagick-2593 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a broken patch for CVE-2006-5456 and minor
    non-security issues. (CVE-2007-0770)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected GraphicsMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-1.1.7-35.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-1.1.7-35.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-devel-1.1.7-35.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-devel-1.1.7-35.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"perl-GraphicsMagick-1.1.7-35.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_IMAGEMAGICK-2585.NASL
    descriptionThis update fixes a broken patch for CVE-2006-5456 and minor non-security issues. (CVE-2007-0770)
    last seen2020-06-01
    modified2020-06-02
    plugin id27107
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27107
    titleopenSUSE 10 Security Update : ImageMagick (ImageMagick-2585)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update ImageMagick-2585.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27107);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-5456", "CVE-2007-0770");
    
      script_name(english:"openSUSE 10 Security Update : ImageMagick (ImageMagick-2585)");
      script_summary(english:"Check for the ImageMagick-2585 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a broken patch for CVE-2006-5456 and minor
    non-security issues. (CVE-2007-0770)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ImageMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-Magick++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-Magick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"ImageMagick-6.2.5-16.17") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"ImageMagick-Magick++-6.2.5-16.17") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"ImageMagick-Magick++-devel-6.2.5-16.17") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"ImageMagick-devel-6.2.5-16.17") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"perl-PerlMagick-6.2.5-16.17") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"ImageMagick-6.3.0.0-27.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"ImageMagick-Magick++-6.3.0.0-27.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"ImageMagick-Magick++-devel-6.3.0.0-27.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"ImageMagick-devel-6.3.0.0-27.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"perl-PerlMagick-6.3.0.0-27.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1260.NASL
    descriptionVladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned; the original issue was tracked as CVE-2006-5456.
    last seen2020-06-01
    modified2020-06-02
    plugin id24347
    published2007-02-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24347
    titleDebian DSA-1260-1 : imagemagick - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1260. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24347);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-0770");
      script_xref(name:"DSA", value:"1260");
    
      script_name(english:"Debian DSA-1260-1 : imagemagick - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vladimir Nadvornik discovered that the fix for a vulnerability in the
    PALM decoder of Imagemagick, a collection of image manipulation
    programs, was ineffective. To avoid confusion a new CVE ID has been
    assigned; the original issue was tracked as CVE-2006-5456."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2007/dsa-1260"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the imagemagick packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 6:6.0.6.2-2.9.
    
    For the upcoming stable distribution (etch) this problem has been
    fixed in version 7:6.2.4.5.dfsg1-0.14."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/15");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"imagemagick", reference:"6:6.0.6.2-2.9")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick++6", reference:"6:6.0.6.2-2.9")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick++6-dev", reference:"6:6.0.6.2-2.9")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick6", reference:"6:6.0.6.2-2.9")) flag++;
    if (deb_check(release:"3.1", prefix:"libmagick6-dev", reference:"6:6.0.6.2-2.9")) flag++;
    if (deb_check(release:"3.1", prefix:"perlmagick", reference:"6:6.0.6.2-2.9")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-422-1.NASL
    descriptionVladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28014
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28014
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerabilities (USN-422-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-422-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28014);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2006-5456", "CVE-2007-0770");
      script_bugtraq_id(20707);
      script_xref(name:"USN", value:"422-1");
    
      script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerabilities (USN-422-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released
    in USN-372-1, did not correctly solve the original flaw in PALM image
    handling. By tricking a user into processing a specially crafted image
    with an application that uses imagemagick, an attacker could execute
    arbitrary code with the user's privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/422-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++6c2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++9-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++9c2a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick9-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.10", pkgname:"imagemagick", pkgver:"6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libmagick++6-dev", pkgver:"6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libmagick++6c2", pkgver:"6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libmagick6", pkgver:"6:6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libmagick6-dev", pkgver:"6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perlmagick", pkgver:"6.2.3.4-1ubuntu1.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"imagemagick", pkgver:"6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick++9-dev", pkgver:"6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick++9c2a", pkgver:"6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick9", pkgver:"6:6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick9-dev", pkgver:"6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"perlmagick", pkgver:"6.2.4.5-0.6ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"imagemagick", pkgver:"6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmagick++9-dev", pkgver:"6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmagick++9c2a", pkgver:"6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmagick9", pkgver:"7:6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmagick9-dev", pkgver:"6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"perlmagick", pkgver:"6.2.4.5.dfsg1-0.10ubuntu0.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++6-dev / libmagick++6c2 / libmagick++9-dev / etc");
    }
    

Statements

contributorMark J Cox
lastmodified2007-02-14
organizationRed Hat
statementNot vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue.