Vulnerability Name:

CVE-2005-4601 (CCN-23927)

Assigned:2005-12-29
Published:2005-12-29
Updated:2018-10-19
Summary:The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20060301-01-U

Source: CCN
Type: Debian Bug report logs - #345238
[CVE-2005-4601] Shell command injection in delegate code (via file names)

Source: MISC
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238

Source: MITRE
Type: CNA
CVE-2005-4601

Source: CCN
Type: RHSA-2006-0178
ImageMagick security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0178

Source: CCN
Type: SA18261
ImageMagick Utilities Image Filename Handling Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18261

Source: SECUNIA
Type: UNKNOWN
18607

Source: SECUNIA
Type: UNKNOWN
18631

Source: SECUNIA
Type: UNKNOWN
18871

Source: SECUNIA
Type: UNKNOWN
19183

Source: SECUNIA
Type: UNKNOWN
19408

Source: SECUNIA
Type: UNKNOWN
23090

Source: CCN
Type: SA28800
Sun Solaris ImageMagick Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28800

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-03

Source: SUNALERT
Type: UNKNOWN
231321

Source: CCN
Type: ASA-2006-048
ImageMagick security update (RHSA-2006-0178)

Source: CCN
Type: ASA-2008-055
Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) (Sun 231321)

Source: DEBIAN
Type: UNKNOWN
DSA-957

Source: DEBIAN
Type: DSA-957
imagemagick -- missing shell meta sanitising

Source: CCN
Type: ImageMagick Web site
Introduction to ImageMagick

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:024

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:006

Source: OSVDB
Type: UNKNOWN
22121

Source: CCN
Type: OSVDB ID: 22121
ImageMagick Delegate Code Multiple Utility Crafted File Name Arbitrary Shell Command Injection

Source: BUGTRAQ
Type: UNKNOWN
20061127 rPSA-2006-0218-1 ImageMagick

Source: BID
Type: UNKNOWN
16093

Source: CCN
Type: BID-16093
ImageMagick Image Filename Remote Command Execution Vulnerability

Source: CCN
Type: USN-246-1
imagemagick vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-246-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-0412

Source: XF
Type: UNKNOWN
imagemagick-filename-command-injection(23927)

Source: XF
Type: UNKNOWN
imagemagick-filename-command-injection(23927)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-389

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10353

Source: SUSE
Type: SUSE-SR:2006:006
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:imagemagick:imagemagick:6.2.4.5:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:imagemagick:imagemagick:6.2.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20054601
    V
    		CVE-2005-4601
    2022-06-30
    oval:org.opensuse.security:def:111893
    P
    		ImageMagick-7.1.0.8-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105471
    P
    		ImageMagick-7.1.0.8-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:36358
    P
    		GraphicsMagick-1.2.5-4.33.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26192
    P
    		Security update for php72 (Important)
    2021-02-17
    oval:org.opensuse.security:def:26111
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:25983
    P
    		Security update for openexr (Moderate)
    2020-12-23
    oval:org.opensuse.security:def:26586
    P
    		libexiv2-4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27321
    P
    		wpa_supplicant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26333
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25907
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26625
    P
    		pam_ldap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27356
    P
    		GraphicsMagick on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26484
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25908
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26639
    P
    		star on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26537
    P
    		dhcp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25919
    P
    		Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26683
    P
    		dbus-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26249
    P
    		Security update for libtomcrypt (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:10353
    V
    		The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
    2013-04-29
    oval:org.debian:def:957
    V
    		missing shell meta sanitising
    2013-01-21
    oval:com.redhat.rhsa:def:20060178
    P
    		RHSA-2006:0178: ImageMagick security update (Moderate)
    2006-02-14
    BACK
    imagemagick imagemagick 6.2.4.5
    imagemagick imagemagick 6.2.5
    debian debian linux 3.0
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 9
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    sun solaris 9