Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2005-4601 | First vendor Publication | 2005-12-31 |
Vendor | Cve | Last vendor Modification | 2018-10-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10353 | |||
Oval ID: | oval:org.mitre.oval:def:10353 | ||
Title: | The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. | ||
Description: | The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-4601 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-03 | Name : Solaris Update for ImageMagick 136882-02 File : nvt/gb_solaris_136882_02.nasl |
2009-06-03 | Name : Solaris Update for ImageMagick 136883-02 File : nvt/gb_solaris_136883_02.nasl |
2009-06-03 | Name : Solaris Update for ImageMagick 137038-01 File : nvt/gb_solaris_137038_01.nasl |
2009-06-03 | Name : Solaris Update for ImageMagick 137039-01 File : nvt/gb_solaris_137039_01.nasl |
2009-02-27 | Name : Fedora Update for GraphicsMagick FEDORA-2007-1340 File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 957-1 (imagemagick) File : nvt/deb_957_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 957-2 (imagemagick) File : nvt/deb_957_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-03 imagemagick File : nvt/esoft_slk_ssa_2006_045_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22121 | ImageMagick Delegate Code Multiple Utility Crafted File Name Arbitrary Shell ... Various ImageMagick utilities fail to correctly validate image file names. The issue is triggered when specially crafted shell commands are part of the file name provided. It is possible that the flaw may allow execution of arbitrary shell commands, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1340.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-957.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0178.nasl - Type : ACT_GATHER_INFO |
2006-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-246-1.nasl - Type : ACT_GATHER_INFO |
2006-02-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-045-03.nasl - Type : ACT_GATHER_INFO |
2006-02-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0178.nasl - Type : ACT_GATHER_INFO |
2006-01-29 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-024.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:30 | |
2021-04-22 01:03:47 | |
2020-05-23 00:17:12 | |
2018-10-19 21:19:43 | |
2017-10-11 09:23:36 | |
2017-07-20 09:23:15 | |
2016-06-28 15:31:26 | |
2016-04-26 14:07:28 | |
2014-02-17 10:34:02 | |
2013-05-11 11:38:17 | |