Executive Summary
Summary | |
---|---|
Title | ImageMagick vulnerability |
Informations | |||
---|---|---|---|
Name | USN-386-1 | First vendor Publication | 2006-11-28 |
Vendor | Ubuntu | Last vendor Modification | 2006-11-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI file format decoder. By tricking a user or an automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges. |
Original Source
Url : http://www.ubuntu.com/usn/USN-386-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10612 | |||
Oval ID: | oval:org.mitre.oval:def:10612 | ||
Title: | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | ||
Description: | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5868 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: ImageMagick File : nvt/freebsd_ImageMagick5.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1213-1 (imagemagick) File : nvt/deb_1213_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
27951 | ImageMagick ReadSGIImage() Function SGI File Processing Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-337-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-386-1.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-223.nasl - Type : ACT_GATHER_INFO |
2007-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2007-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0015.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-155.nasl - Type : ACT_GATHER_INFO |
2006-12-04 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_18e3a5be81f911db95a20012f06707f0.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1213.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:58 |
|