Vulnerability Bulletins |
Compromiso de root en imagemagick |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Avanzado |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | imagemagick |
Description |
|
Se ha encontrado una vulnerabilidad de desbordamiento de búfer en imagemagick. La correcta explotación de dicha vulnerabilidad podría permitir que un atacante comprometa el sistema afectado. |
|
Solution |
|
Actualixación de software Debian Linux Debian Linux 3.0 Source: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.dsc http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.diff.gz http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_alpha.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_alpha.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_alpha.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_alpha.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_alpha.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_alpha.deb ARM: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_arm.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_arm.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_arm.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_arm.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_arm.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_i386.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_i386.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_i386.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_i386.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_i386.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_ia64.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_ia64.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_ia64.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_ia64.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_ia64.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_ia64.deb HPPA: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_hppa.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_hppa.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_hppa.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_hppa.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_hppa.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_m68k.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_m68k.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_m68k.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_m68k.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_m68k.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mips.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mips.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mips.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mips.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mips.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mips.deb Little endian MIPS: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mipsel.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mipsel.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mipsel.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mipsel.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mipsel.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_powerpc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_powerpc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_powerpc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_powerpc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_powerpc.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_s390.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_s390.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_s390.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_s390.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_s390.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_sparc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_sparc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_sparc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_sparc.deb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_sparc.deb http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_sparc.deb SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libMagick6.4.0-6.0.4.4-5.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm |
|
Standar resources |
|
Property | Value |
CVE | CAN-2005-0005 |
BID | |
Other resources |
|
Debian Security Advisory DSA-646-1 http://www.debian.org/security/2005/dsa-646 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html Red Hat Security Advisory RHSA-2005:071-07 https://rhn.redhat.com/errata/RHSA-2005-071.html Mandrakesoft Security Advisories MDKSA-2005:065 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:065 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2005-01-20 |
1.1 | Aviso emitido por SUSE (SUSE-SR:2005:003) | 2005-02-07 |
1.2 | Aviso emitido por Red Hat (RHSA-2005:071-07) | 2005-02-16 |
1.3 | Aviso emitido por Mandrake (MDKSA-2005:065) | 2005-04-04 |