CVE-2005-0005
CVSS 7.5
Published: 2005-05-02 00:00:00
Revised: 2016-10-17 23:07:27

[Original] Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.


[CNNVD] ImageMagick .psd image file decoding heap overflow vulnerability (CNNVD-200505-572)

        The ImageMagick PSD image decoding module contains a heap overflow. A remote attacker can exploit it to execute arbitrary instructions on the system with the privileges of the decoding process.

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:suse:suse_linux:8.0::i386
cpe:/a:graphicsmagick:graphicsmagick:1.1 (GraphicsMagick 1.1)
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:gentoo:linux:0.7
cpe:/a:imagemagick:imagemagick:6.1.6 (ImageMagick 6.1.6)
cpe:/a:imagemagick:imagemagick:6.1.5 (ImageMagick 6.1.5)
cpe:/a:imagemagick:imagemagick:6.1.7 (ImageMagick 6.1.7)
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/a:graphicsmagick:graphicsmagick:1.0 (GraphicsMagick 1.0)
cpe:/a:imagemagick:imagemagick:6.1.1.6 (ImageMagick 6.1.1.6)
cpe:/a:graphicsmagick:graphicsmagick:1.1.3 (GraphicsMagick 1.1.3)
cpe:/a:graphicsmagick:graphicsmagick:1.1.4 (GraphicsMagick 1.1.4)
cpe:/a:imagemagick:imagemagick:6.2.0.4 (ImageMagick 6.2.0.4)
cpe:/a:imagemagick:imagemagick:6.0.1 (ImageMagick 6.0.1)
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:gentoo:linux:1.2 (Gentoo Linux 1.2)
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:gentoo:linux:1.4 (Gentoo Linux 1.4)
cpe:/a:imagemagick:imagemagick:6.2.0.7 (ImageMagick 6.2.0.7)
cpe:/o:suse:suse_linux:9.0 (SuSE Linux 9.0)
cpe:/o:gentoo:linux:1.4:rc2 (Gentoo Linux 1.4 rc2)
cpe:/a:imagemagick:imagemagick:6.0.3 (ImageMagick 6.0.3)
cpe:/o:gentoo:linux:1.4:rc1 (Gentoo Linux 1.4 rc1)
cpe:/o:suse:suse_linux:9.2 (SuSE Linux 9.2)
cpe:/a:imagemagick:imagemagick:6.0.2 (ImageMagick 6.0.2)
cpe:/a:imagemagick:imagemagick:6.0.5 (ImageMagick 6.0.5)
cpe:/o:gentoo:linux:1.4:rc3 (Gentoo Linux 1.4 rc3)
cpe:/a:imagemagick:imagemagick:6.0.4 (ImageMagick 6.0.4)
cpe:/o:suse:suse_linux:9.1 (SuSE Linux 9.1)
cpe:/a:imagemagick:imagemagick:5.4.7 (ImageMagick 5.4.7)
cpe:/a:imagemagick:imagemagick:6.0.2.5 (ImageMagick 6.0.2.5)
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:imagemagick:imagemagick:5.4.3 (ImageMagick 5.4.3)
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:gentoo:linux:1.1a
cpe:/a:imagemagick:imagemagick:6.0.7 (ImageMagick 6.0.7)
cpe:/a:imagemagick:imagemagick:6.0.6 (ImageMagick 6.0.6)
cpe:/a:sgi:propack:3.0 (SGI ProPack 3.0)
cpe:/a:imagemagick:imagemagick:6.0.8 (ImageMagick 6.0.8)
cpe:/a:graphicsmagick:graphicsmagick:1.0.6 (GraphicsMagick 1.0.6)
cpe:/a:imagemagick:imagemagick:5.3.3 (ImageMagick 5.3.3)
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:gentoo:linux:0.5
cpe:/o:suse:suse_linux:8.1 (SuSE Linux 8.1)
cpe:/a:imagemagick:imagemagick:6.2 (ImageMagick 6.2)
cpe:/o:suse:suse_linux:8.0 (SuSE Linux 8.0)
cpe:/a:imagemagick:imagemagick:6.0 (ImageMagick 6.0)
cpe:/a:imagemagick:imagemagick:6.1 (ImageMagick 6.1)
cpe:/a:imagemagick:imagemagick:6.1.2 (ImageMagick 6.1.2)
cpe:/a:imagemagick:imagemagick:6.1.4 (ImageMagick 6.1.4)
cpe:/a:imagemagick:imagemagick:6.1.3 (ImageMagick 6.1.3)
cpe:/o:suse:suse_linux:8.2 (SuSE Linux 8.2)

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9925: the description attached to this definition on the page (a double free in the Adobe Acrobat Reader plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7) does not describe CVE-2005-0005. Treat this OVAL reference as unverified for this entry and check the definition text at MITRE before using it for detection.
*An OVAL definition describes in detail how to detect a vulnerability; consult the linked OVAL definition for the detection specifics.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0005
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0005
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-572
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110608222117215&w=2
(UNKNOWN)  BUGTRAQ  20050118 [USN-62-1] imagemagick vulnerability
http://www.debian.org/security/2005/dsa-646
(VENDOR_ADVISORY)  DEBIAN  DSA-646
http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
(UNKNOWN)  GENTOO  GLSA-200501-37
http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
http://www.redhat.com/support/errata/RHSA-2005-070.html
(UNKNOWN)  REDHAT  RHSA-2005:070
http://www.redhat.com/support/errata/RHSA-2005-071.html
(PATCH)  REDHAT  RHSA-2005:071

- Vulnerability information

ImageMagick .psd image file decoding heap overflow vulnerability
High risk  Buffer overflow
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        The ImageMagick PSD image decoding module contains a heap overflow. A remote attacker can exploit it to execute arbitrary instructions on the system with the privileges of the decoding process.

- Advisories and patches

        The vendor has released an upgrade that fixes this issue. Download link:
        http://www.imagemagick.org/www/download.html

- Vulnerability information (F35792)

iDEFENSE Security Advisory 2005-01-17.t (PacketStormID:F35792)
2005-01-18 00:00:00
iDefense Labs, Andrei Nigmatulin  idefense.com
advisory, remote, overflow, arbitrary
CVE-2005-0005

iDEFENSE Security Advisory 01.17.05 - Remote exploitation of a buffer overflow vulnerability in the ImageMagick Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Versions 6.1.7 and below are affected.

Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow
Vulnerability

iDEFENSE Security Advisory 01.17.05
www.idefense.com/application/poi/display?id=184&type=vulnerabilities
January 17, 2005

I. BACKGROUND

ImageMagick provides a variety of graphics image-handling libraries and
capabilities. These libraries are widely used and are shipped by default
on most Unix and Linux distributions. These libraries are commonly
installed by default on computers where any other graphical image viewer
or X Desktop environment is installed (such as Gnome or KDE).

More information is available at the following site:

   http://www.imagemagick.org

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in the
ImageMagick Project's ImageMagick PSD image-decoding module could
allow an attacker to execute arbitrary code.

A heap overflow exists within ImageMagick, specifically in the decoding 
of Photoshop Document (PSD) files. The vulnerable code follows:

ImageMagick-6.1.0/coders/psd.c

for (j=0; j < (long) layer_info[i].channels; j++) 
{ 
  layer_info[i].channel_info[j].type=(short)ReadBlobMSBShort(image);
  layer_info[i].channel_info[j].size=ReadBlobMSBLong(image);
  [...]
} 

The array channel_info is only 24 elements large, and the loop variable
"j" is bounded by a value read straight from the image file (the layer's
channel count), so the loop writes past the end of the array on the heap
when a layer declares more than 24 channels. If heap structures are
overflowed in a controlled way, execution of arbitrary code is possible.

III. ANALYSIS

Exploitation may allow attackers to run arbitrary code on a victim's 
computer if the victim opens a specially formatted image. Such images 
could be delivered by e-mail or HTML, in some cases, and would likely 
not raise suspicion on the victim's part. Exploitation is also possible 
when a web-based application uses ImageMagick to process user-uploaded 
image files.

IV. DETECTION

iDEFENSE has confirmed this vulnerability in ImageMagick 6.1.0 and 
ImageMagick 6.1.7. Earlier versions are also suspected vulnerable.

The following vendors may include vulnerable ImageMagick packages: 
	
   The Debian Project 
   MandrakeSoft 
   Red Hat, Inc. 

V. WORKAROUND

Do not open files from untrusted sources. Do not allow untrusted sources
to process images using your web application.

VI. VENDOR RESPONSE

This vulnerability is addressed in ImageMagick 6.1.8-8, available for
download at:

   http://www.imagemagick.org/www/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2005-0005 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

VIII. DISCLOSURE TIMELINE

12/21/2004  Initial vendor notification
01/14/2005  Initial vendor response
01/17/2005  Public disclosure

IX. CREDIT

Andrei Nigmatulin is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
    

- Vulnerability information

13028
ImageMagick / GraphicsMagick PSD Image Decoding Module Overflow
Context Dependent Input Manipulation
Loss of Integrity Patch / RCS, Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2005-01-17 Unknown
Unknown 2005-01-20

- Solution

Upgrade ImageMagick to version 6.1.8-8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. A patch has been released for GraphicsMagick, check the sourceforge advisory in the references section.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ImageMagick Photoshop Document Parsing Remote Client-Side Buffer Overflow Vulnerability
Boundary Condition Error 12287
Yes No
2005-01-17 12:00:00 2009-07-12 10:06:00
Andrei Nigmatulin is credited with the discovery of this issue.

- Affected software versions

SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core2
Red Hat Fedora Core1
ImageMagick ImageMagick 6.2 .0.7
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
ImageMagick ImageMagick 6.2 .0.4
+ Gentoo Linux
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
ImageMagick ImageMagick 6.0.6
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
ImageMagick ImageMagick 6.0.5
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
ImageMagick ImageMagick 6.0.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2 .5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0
ImageMagick ImageMagick 5.4.7
+ Turbolinux Turbolinux Server 8.0
ImageMagick ImageMagick 5.4.3
+ Turbolinux Turbolinux Workstation 8.0
ImageMagick ImageMagick 5.3.3
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
GraphicsMagick GraphicsMagick 1.1.4
GraphicsMagick GraphicsMagick 1.1.3
GraphicsMagick GraphicsMagick 1.1
GraphicsMagick GraphicsMagick 1.0.6
GraphicsMagick GraphicsMagick 1.0
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
Gentoo Linux 1.2
Gentoo Linux 1.1 a
Gentoo Linux 0.7
Gentoo Linux 0.5
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha

- Unaffected software versions

GraphicsMagick GraphicsMagick 1.1.5

- Vulnerability discussion

A client-side buffer overflow vulnerability affects the Photoshop document (PSD) parsing functionality of ImageMagick. The issue is due to a failure of the application to validate the per-layer channel count read from the file before using it to fill a fixed-size array (see the iDEFENSE advisory above for the affected loop).

An attacker may exploit this issue remotely by sending a malicious file through email or some other means to an unsuspecting user and enticing them to process it with the affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

The vendor has released an upgrade dealing with this issue.

TurboLinux has released advisory TLSA-2005-47 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20050304-01-U including updated SGI ProPack 3 Service Pack 4 packages to address this issue. Please see the referenced advisory for more information.

Ubuntu Linux has made advisory USN-62-1 along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Debian has released a security advisory (DSA 646-1) and fixes to address this vulnerability. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Gentoo has released an advisory (GLSA 200501-26) and fixes for their ImageMagick packages. To upgrade to the fixed version, execute the following commands:

emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.8.8"

Please see the referenced Gentoo advisory for more information.

Gentoo has released advisory GLSA 200501-37 dealing with this issue for their GraphicsMagick packages. Gentoo recommends that all GraphicsMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.5"

Please see the referenced Gentoo advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Ubuntu has released advisory USN-90-1 to address this issue. Please see the referenced advisory for more information.

Gentoo linux has released an advisory (GLSA 200503-11) dealing with this issue. Gentoo advises that all ImageMagick users should upgrade to the latest version by issuing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"

For more information please see the referenced Gentoo linux advisory.

Red Hat has released advisory RHSA-2005:320-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE Linux has released an advisory (SUSE-SA:2005:017) dealing with this and other issues. Please see the referenced advisory for more information.

RedHat has released advisories FEDORA-2005-234 and FEDORA-2005-235 dealing with this issue in their Core 2 and Core 3 packages respectively. Please see the referenced advisory for more information.

MandrakeSoft has released advisory MDKSA-2005:065 to address this issue. Please see the referenced advisory for more information.

RedHat Fedora Legacy has released security advisory FLSA:152777 addressing this issue for RedHat Linux 7.3 and 9.0, and for Fedora Core 1 and 2. Please see the referenced advisory for further information.


