Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2006:024: ImageMagick Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the ImageMagick package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2006:024 (ImageMagick).



The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute
arbitrary commands via shell metacharacters in a filename that is processed by
the display command. (CVE-2005-4601) A format string vulnerability in the
SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions,
allows user-complicit attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a numeric format string specifier such as
%d in the file name, a variant of CVE-2005-0397, and as demonstrated using the
convert program. (CVE-2006-0082) The updated packages have been patched to
correct these issues.



Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:024
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.