Vulnerabilities > CVE-2008-3134 - Resource Management Errors vulnerability in Graphicsmagick

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
graphicsmagick
CWE-399
nessus

Summary

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1903.NASL
    descriptionSeveral vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). - CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. - CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. - CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. - CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. - CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id44768
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44768
    titleDebian DSA-1903-1 : graphicsmagick - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1903. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44768);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      script_cve_id("CVE-2007-1667", "CVE-2007-1797", "CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2008-1096", "CVE-2008-3134", "CVE-2008-6070", "CVE-2008-6071", "CVE-2008-6072", "CVE-2008-6621", "CVE-2009-1882");
      script_xref(name:"DSA", value:"1903");
    
      script_name(english:"Debian DSA-1903-1 : graphicsmagick - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in graphicsmagick, a
    collection of image processing tool, which can lead to the execution
    of arbitrary code, exposure of sensitive information or cause DoS. The
    Common Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-1667
        Multiple integer overflows in XInitImage function in
        xwd.c for GraphicsMagick, allow user-assisted remote
        attackers to cause a denial of service (crash) or obtain
        sensitive information via crafted images with large or
        negative values that trigger a buffer overflow. It only
        affects the oldstable distribution (etch).
    
      - CVE-2007-1797
        Multiple integer overflows allow remote attackers to
        execute arbitrary code via a crafted DCM image, or the
        colors or comments field in a crafted XWD image. It only
        affects the oldstable distribution (etch).
    
      - CVE-2007-4985
        A crafted image file can trigger an infinite loop in the
        ReadDCMImage function or in the ReadXCFImage function.
        It only affects the oldstable distribution (etch).
    
      - CVE-2007-4986
        Multiple integer overflows allow context-dependent
        attackers to execute arbitrary code via a crafted .dcm,
        .dib, .xbm, .xcf, or .xwd image file, which triggers a
        heap-based buffer overflow. It only affects the
        oldstable distribution (etch).
    
      - CVE-2007-4988
        A sign extension error allows context-dependent
        attackers to execute arbitrary code via a crafted width
        value in an image file, which triggers an integer
        overflow and a heap-based buffer overflow. It affects
        only the oldstable distribution (etch).
    
      - CVE-2008-1096
        The load_tile function in the XCF coder allows
        user-assisted remote attackers to cause a denial of
        service or possibly execute arbitrary code via a crafted
        .xcf file that triggers an out-of-bounds heap write. It
        affects only oldstable (etch).
    
      - CVE-2008-3134
        Multiple vulnerabilities in GraphicsMagick before 1.2.4
        allow remote attackers to cause a denial of service
        (crash, infinite loop, or memory consumption) via
        vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA,
        and TGA decoder readers; and the GetImageCharacteristics
        function in magick/image.c, as reachable from a crafted
        PNG, JPEG, BMP, or TIFF file.
    
      - CVE-2008-6070
        Multiple heap-based buffer underflows in the
        ReadPALMImage function in coders/palm.c in
        GraphicsMagick before 1.2.3 allow remote attackers to
        cause a denial of service (crash) or possibly execute
        arbitrary code via a crafted PALM image.
    
      - CVE-2008-6071
        Heap-based buffer overflow in the DecodeImage function
        in coders/pict.c in GraphicsMagick before 1.1.14, and
        1.2.x before 1.2.3, allows remote attackers to cause a
        denial of service (crash) or possibly execute arbitrary
        code via a crafted PICT image.
    
      - CVE-2008-6072
        Multiple vulnerabilities in GraphicsMagick allow remote
        attackers to cause a denial of service (crash) via
        vectors in XCF and CINEON images.
    
      - CVE-2008-6621
        Vulnerability in GraphicsMagick allows remote attackers
        to cause a denial of service (crash) via vectors in DPX
        images.
    
      - CVE-2009-1882
        Integer overflow allows remote attackers to cause a
        denial of service (crash) and possibly execute arbitrary
        code via a crafted TIFF file, which triggers a buffer
        overflow."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491439"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-1667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-1797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-6070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-6071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-6072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-6621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1903"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the graphicsmagick packages.
    
    For the oldstable distribution (etch), these problems have been fixed
    in version 1.1.7-13+etch1.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 1.1.11-3.2+lenny1.
    
    For the upcoming stable distribution (squeeze) and the unstable
    distribution (sid), these problems have been fixed in version
    1.3.5-5.1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphicsmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"graphicsmagick", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-dbg", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-imagemagick-compat", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-libmagick-dev-compat", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphics-magick-perl", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick++1", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick++1-dev", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick1", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick1-dev", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-dbg", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-imagemagick-compat", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-libmagick-dev-compat", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphics-magick-perl", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick++1", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick++1-dev", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick1", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick1-dev", reference:"1.1.11-3.2+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_GRAPHICSMAGICK-080929.NASL
    descriptionSpecially crafted image files could crash GraphicsMagick (CVE-2008-3134).
    last seen2020-06-01
    modified2020-06-02
    plugin id39878
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39878
    titleopenSUSE Security Update : GraphicsMagick (GraphicsMagick-229)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update GraphicsMagick-229.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39878);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-3134");
    
      script_name(english:"openSUSE Security Update : GraphicsMagick (GraphicsMagick-229)");
      script_summary(english:"Check for the GraphicsMagick-229 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted image files could crash GraphicsMagick
    (CVE-2008-3134)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=408852"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected GraphicsMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"GraphicsMagick-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"GraphicsMagick-devel-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick++-devel-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick++1-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick1-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagickWand0-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"perl-GraphicsMagick-1.1.11-29.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-devel / libGraphicsMagick++-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GRAPHICSMAGICK-5646.NASL
    descriptionSpecially crafted image files could crash GraphicsMagick (CVE-2008-3134).
    last seen2020-06-01
    modified2020-06-02
    plugin id34317
    published2008-10-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34317
    titleopenSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5646)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update GraphicsMagick-5646.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34317);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-3134");
    
      script_name(english:"openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5646)");
      script_summary(english:"Check for the GraphicsMagick-5646 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted image files could crash GraphicsMagick
    (CVE-2008-3134)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected GraphicsMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-devel-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-devel-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"perl-GraphicsMagick-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"GraphicsMagick-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"GraphicsMagick-devel-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick++-devel-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick++1-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick1-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagickWand0-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"perl-GraphicsMagick-1.1.8-20.6") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
    }
    

Statements

contributorMark J Cox
lastmodified2010-05-14
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3134