int(2151)

Boletines de Vulnerabilidades

Bug de formato en ImageMagick

Clasificación de la vulnerabilidad
Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de privilegios
Dificultad Experto
Requerimientos del atacante Acceso remoto con cuenta

Información sobre el sistema
Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado ImageMagick <= 6.2.5

Descripción
Se ha descubierto un bug de formato en ImageMagick 6.2.5 y anteriores. La vulnerabilidad reside en que "image.c" no valida correctamente ciertas entradas pasadas por línea de comandos a la utilidad "convert".

Un atacante local podría causar una denegación de servicio y posiblemente elevar sus privilegios mediante una el uso de "convert" pasando como nombre de fichero de salida especificadores numéricos de formateo de cadenas.

Solución


Actualización de software

Mandriva

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.5.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.5.C30mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/ImageMagick-6.2.4.3-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libMagick8.4.2-6.2.4.3-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libMagick8.4.2-devel-6.2.4.3-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/ImageMagick-6.2.4.3-1.1.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/ImageMagick-6.2.4.3-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64Magick8.4.2-6.2.4.3-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64Magick8.4.2-devel-6.2.4.3-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/ImageMagick-6.2.4.3-1.1.20060mdk.src.rpm

Red Hat
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 Itanium Processor
https://rhn.redhat.com/

SGI
Advanced Linux Environment 3 / RPM / Patch 10279
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10279
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SUSE Linux
Actualizar mediante YaST Online Update

Debian

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.dsc
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.diff.gz
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_alpha.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_alpha.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_alpha.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_alpha.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_alpha.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_amd64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_amd64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_amd64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_amd64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_amd64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_amd64.deb
ARM
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_arm.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_arm.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_arm.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_arm.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_arm.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_hppa.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_hppa.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_hppa.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_hppa.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_hppa.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_i386.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_i386.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_i386.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_i386.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_i386.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_ia64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_ia64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_ia64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_ia64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_ia64.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_m68k.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_m68k.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_m68k.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_m68k.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_m68k.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mips.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mips.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mips.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mips.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mips.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mipsel.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mipsel.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mipsel.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mipsel.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mipsel.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_powerpc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_powerpc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_powerpc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_powerpc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_powerpc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_s390.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_s390.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_s390.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_s390.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_s390.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_sparc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_sparc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_sparc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_sparc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_sparc.deb
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_sparc.deb

Sun(231321)
Solaris 9 / SPARC / patch 137038-01
Solaris 10 / SPARC / patch 136882-01
Solaris 9 / x86 / patch 137039-01
Solaris 10 / x86 / patch 136883-01
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Identificadores estándar
Propiedad Valor
CVE CVE-2006-0082
BID 12717

Recursos adicionales
Mandriva Security Advisory (MDKSA-2006:024)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:024

Red Hat Security Advisory (RHSA-2006:0178-4)
https://rhn.redhat.com/errata/RHSA-2006-0178.html

SGI Security Advisory (20060301-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc

SUSE Security Summary Report SUSE-SR:2006:006
http://www.novell.com/linux/security/advisories/2006_06_sr.html

Debian Security Advisory (DSA 1213-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00310.html

Sun Alert Notification (231321)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231321-1

Histórico de versiones
Versión Comentario Fecha
1.0 Aviso emitido 2006-01-31
1.1 Aviso emitido por Red Hat (RHSA-2006:0178-4) 2006-02-14
1.2 Aviso emitido por SGI (20060301-01-U) 2006-03-10
1.3 Aviso emitido por SUSE (SUSE-SR:2006:006) 2006-03-28
1.4 Aviso emitido por Debian (DSA 1213-1) 2006-11-20
1.5 Aviso emitido 2008-02-01

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT