Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:024: ImageMagick Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the ImageMagick package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:024 (ImageMagick).
The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute
arbitrary commands via shell metacharacters in a filename that is processed by
the display command. (CVE-2005-4601)

A format string vulnerability in the SetImageInfo function in image.c for
ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a numeric
format string specifier such as %d in the file name, a variant of
CVE-2005-0397, and as demonstrated using the convert program. (CVE-2006-0082)

The updated packages have been patched to correct these issues.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:024
Threat Level: High