ImageMagick SGI Image File Remote Heap Buffer Overflow Vulnerability

Published: 2006-08-14
Updated: 2007-02-08

Affected systems:
ImageMagick ImageMagick < 6.2.9
Description:
BUGTRAQ  ID: 19507
CVE(CAN) ID: CVE-2006-4144

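ImageMagick is an open-source image viewing and editing tool for Unix/Linux platforms.

In ImageMagick versions before 6.2.9, the ReadSGIImage function in sgi.c contains an integer overflow vulnerability. Large bytes_per_pixel, columns and rows values can trigger a heap buffer overflow, which an attacker can exploit to cause a denial of service or execute arbitrary code.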

<*Source: Damian Put (pucik@cc-team.org)
  Link: http://xforce.iss.net/xforce/xfdb/28372
*>
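
The integer overflow described above, as an added example (not ImageMagick's code and not part of the original advisory): an unchecked 32-bit size computation beside a checked one that rejects the file. The field names bytes_per_pixel, columns and rows come from the advisory; the function names, the 256 MiB cap and the header values in main() are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on decoded pixel data; not an ImageMagick constant. */
#define SGI_MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32-bit arithmetic and wraps
   modulo 2^32, so the size passed to an allocator can be far smaller than
   the number of bytes the decode loops will later write. */
uint32_t sgi_size_unchecked(uint32_t bytes_per_pixel, uint32_t columns,
                            uint32_t rows)
{
    return bytes_per_pixel * columns * rows;
}

/* Checked pattern: divide before each multiply so the running product can
   never exceed the cap. Returns 0 and sets *out, or -1 to reject the file. */
int sgi_size_checked(uint32_t bytes_per_pixel, uint32_t columns,
                     uint32_t rows, size_t *out)
{
    size_t n = bytes_per_pixel;

    if (bytes_per_pixel == 0 || columns == 0 || rows == 0)
        return -1;
    if (columns > SGI_MAX_PIXEL_BYTES / n)
        return -1;
    n *= columns;
    if (rows > SGI_MAX_PIXEL_BYTES / n)
        return -1;
    n *= rows;
    *out = n;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: the true size is 2^32 + 65536 bytes. */
    uint32_t bpp = 1, columns = 65536, rows = 65537;

    printf("unchecked size: %lu\n",
           (unsigned long)sgi_size_unchecked(bpp, columns, rows));
    printf("checked: %s\n",
           sgi_size_checked(bpp, columns, rows, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed values the unchecked form yields a 65536-byte size for an image that needs more than 4 GiB, which is the mismatch that turns into a heap overflow once pixel data is written.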

Recommendation:
Vendor patch:

ImageMagick
-----------
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

ImageMagick ImageMagick 6.0.7
SuSE ImageMagick-6.0.7-4.10.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ImageMagick-6.0.7-4.10.i586.rpm

SuSE ImageMagick-6.0.7-4.10.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/ImageMagick-6.0.7-4.10.x86_64.rpm

SuSE ImageMagick-devel-6.0.7-4.10.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ImageMagick-devel-6.0.7-4.10.i586.rpm

SuSE ImageMagick-devel-6.0.7-4.10.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/ImageMagick-devel-6.0.7-4.10.x86_64.rpm

SuSE ImageMagick-Magick++-6.0.7-4.10.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ImageMagick-Magick++-6.0.7-4.10.i586.rpm

SuSE ImageMagick-Magick++-6.0.7-4.10.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/ImageMagick-Magick++-6.0.7-4.10.x86_64.rpm

SuSE ImageMagick-Magick++-devel-6.0.7-4.10.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ImageMagick-Magick++-devel-6.0.7-4.10.i586.rpm

SuSE ImageMagick-Magick++-devel-6.0.7-4.10.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/ImageMagick-Magick++-devel-6.0.7-4.10.x86_64.rpm

SuSE perl-PerlMagick-6.0.7-4.10.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-PerlMagick-6.0.7-4.10.i586.rpm

SuSE perl-PerlMagick-6.0.7-4.10.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/perl-PerlMagick-6.0.7-4.10.x86_64.rpm


ImageMagick ImageMagick 6.1.8
SuSE ImageMagick-6.1.8-6.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ImageMagick-6.1.8-6.4.i586.rpm

SuSE ImageMagick-6.1.8-6.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/ImageMagick-6.1.8-6.4.x86_64.rpm

SuSE ImageMagick-devel-6.1.8-6.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ImageMagick-devel-6.1.8-6.4.i586.rpm

SuSE ImageMagick-devel-6.1.8-6.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/ImageMagick-devel-6.1.8-6.4.x86_64.rpm

SuSE ImageMagick-Magick++-6.1.8-6.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ImageMagick-Magick++-6.1.8-6.4.i586.rpm

SuSE ImageMagick-Magick++-6.1.8-6.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/ImageMagick-Magick++-6.1.8-6.4.x86_64.rpm

SuSE ImageMagick-Magick++-devel-6.1.8-6.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ImageMagick-Magick++-devel-6.1.8-6.4.i586.rpm

SuSE ImageMagick-Magick++-devel-6.1.8-6.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/ImageMagick-Magick++-devel-6.1.8-6.4.x86_64.rpm

SuSE perl-PerlMagick-6.1.8-6.4.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/perl-PerlMagick-6.1.8-6.4.i586.rpm

SuSE perl-PerlMagick-6.1.8-6.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/perl-PerlMagick-6.1.8-6.4.x86_64.rpm


ImageMagick ImageMagick 6.2.3
SuSE ImageMagick-6.2.3-4.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/ImageMagick-6.2.3-4.4.i586.rpm

SuSE ImageMagick-6.2.3-4.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/ImageMagick-6.2.3-4.4.ppc.rpm

SuSE ImageMagick-6.2.3-4.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/ImageMagick-6.2.3-4.4.x86_64.rpm

SuSE ImageMagick-devel-6.2.3-4.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/ImageMagick-devel-6.2.3-4.4.i586.rpm

SuSE ImageMagick-devel-6.2.3-4.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/ImageMagick-devel-6.2.3-4.4.ppc.rpm

SuSE ImageMagick-devel-6.2.3-4.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/ImageMagick-devel-6.2.3-4.4.x86_64.rpm

SuSE ImageMagick-Magick++-6.2.3-4.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/ImageMagick-Magick++-6.2.3-4.4.i586.rpm

SuSE ImageMagick-Magick++-6.2.3-4.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/ImageMagick-Magick++-6.2.3-4.4.ppc.rpm

SuSE ImageMagick-Magick++-6.2.3-4.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/ImageMagick-Magick++-6.2.3-4.4.x86_64.rpm

SuSE ImageMagick-Magick++-devel-6.2.3-4.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/ImageMagick-Magick++-devel-6.2.3-4.4.i586.rpm

SuSE ImageMagick-Magick++-devel-6.2.3-4.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/ImageMagick-Magick++-devel-6.2.3-4.4.ppc.rpm

SuSE ImageMagick-Magick++-devel-6.2.3-4.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/ImageMagick-Magick++-devel-6.2.3-4.4.x86_64.rpm

SuSE perl-PerlMagick-6.2.3-4.4.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/perl-PerlMagick-6.2.3-4.4.i586.rpm

SuSE perl-PerlMagick-6.2.3-4.4.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/perl-PerlMagick-6.2.3-4.4.ppc.rpm

SuSE perl-PerlMagick-6.2.3-4.4.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/perl-PerlMagick-6.2.3-4.4.x86_64.rpm

Trustix imagemagick-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix imagemagick-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix imagemagick-devel-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix imagemagick-devel-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix kernel-smp-2.6.17.11-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix perl-image-magick-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/

Trustix perl-image-magick-6.2.9.1-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates/


ImageMagick ImageMagick 6.2.5
RedHat Fedora ImageMagick-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-devel-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-devel-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-devel-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-perl-6.2.5.4-4.2.1.fc5.4.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-perl-6.2.5.4-4.2.1.fc5.4.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat Fedora ImageMagick-perl-6.2.5.4-4.2.1.fc5.4.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

SuSE ImageMagick-6.2.5-16.5.i586.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ImageMagick-6.2.5-16.5.i586.rpm

SuSE ImageMagick-6.2.5-16.5.ppc.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/ImageMagick-6.2.5-16.5.ppc.rpm

SuSE ImageMagick-6.2.5-16.5.x86_64.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ImageMagick-6.2.5-16.5.x86_64.rpm

SuSE ImageMagick-devel-6.2.5-16.5.i586.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ImageMagick-devel-6.2.5-16.5.i586.rpm

SuSE ImageMagick-devel-6.2.5-16.5.ppc.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/ImageMagick-devel-6.2.5-16.5.ppc.rpm

SuSE ImageMagick-devel-6.2.5-16.5.x86_64.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ImageMagick-devel-6.2.5-16.5.x86_64.rpm

SuSE ImageMagick-Magick++-6.2.5-16.5.i586.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ImageMagick-Magick++-6.2.5-16.5.i586.rpm

SuSE ImageMagick-Magick++-6.2.5-16.5.ppc.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/ImageMagick-Magick++-6.2.5-16.5.ppc.rpm

SuSE ImageMagick-Magick++-6.2.5-16.5.x86_64.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ImageMagick-Magick++-6.2.5-16.5.x86_64.rpm

SuSE ImageMagick-Magick++-devel-6.2.5-16.5.i586.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ImageMagick-Magick++-devel-6.2.5-16.5.i586.rpm

SuSE ImageMagick-Magick++-devel-6.2.5-16.5.ppc.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/ImageMagick-Magick++-devel-6.2.5-16.5.ppc.rpm

SuSE ImageMagick-Magick++-devel-6.2.5-16.5.x86_64.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ImageMagick-Magick++-devel-6.2.5-16.5.x86_64.rpm

SuSE perl-PerlMagick-6.2.5-16.5.i586.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/perl-PerlMagick-6.2.5-16.5.i586.rpm

SuSE perl-PerlMagick-6.2.5-16.5.ppc.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/perl-PerlMagick-6.2.5-16.5.ppc.rpm

SuSE perl-PerlMagick-6.2.5-16.5.x86_64.rpm
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/perl-PerlMagick-6.2.5-16.5.x86_64.rpm

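This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.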