Vulnerability BDU:2021-03444 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.3high3.x

0246810

CVSS Score: 7.3/10

All CVSS Scores

CVSS 3.x

7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Уязвимость опции -authenticate консольного графического редактора ImageMagick связана с некорректной фильтрацией пароля. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Sources

bdu

Related Vulnerabilities

CVE-2020-29599

Exploits

Exploit ID: CVE-2020-29599

Source: github-poc

URL: https://github.com/lnwza0x0a/CVE-2020-29599

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29599

https://github.com/ImageMagick/ImageMagick/commit/68154c05cf40a80b6f2e2dd9fdc4428570f875f0

https://github.com/ImageMagick/ImageMagick/commit/89a1c73ee2693ded91a72d00bdf3aba410f349f1

https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823

https://github.com/ImageMagick/ImageMagick/discussions/2851

https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html

https://nvd.nist.gov/vuln/detail/CVE-2020-29599

https://security-tracker.debian.org/tracker/CVE-2020-29599

https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie

https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16

https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16

https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144

https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD

https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD

https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

Recommendations

Source: bdu

Использование рекомендаций:
Для ImageMagick:
использование рекомендаций производителя: https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823

Для ОС Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-29599

Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

Для ОС ОН «Стрелец»:
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie

Для ОСОН Основа:
Обновление программного обеспечения imagemagick до версии 8:6.9.11.60+dfsg-1.3osnova0

Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD

Для Astra Linux Special Edition для архитектуры ARM для 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD

Для ОС ОН «Стрелец»:
Обновление программного обеспечения imagemagick до версии 8:6.9.7.4+dfsg-11+deb9u14

URL: https://bdu.fstec.ru/vul/2021-03444

Vulnerable Software (20)

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 8.1

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 8.1

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: strelets 1.0

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: strelets 1.0

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 9

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 9

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 1.7

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 1.7

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 4.7

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 4.7

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: strelets *

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: strelets *

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: осон основа оnyx *

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: осон основа оnyx *

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 8

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 8

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 10

Trait:

{  "version_end_excluding": "6.9.11-40",  "version_start_including": "6.9.8-1"}

Source: bdu

Type: Configuration

Vendor: imagemagick studio llc

Product: imagemagick

Operating System: debian gnu/linux 10

Trait:

{  "version_end_excluding": "7.0.10-40",  "version_start_including": "7.0.5-3"}

Source: bdu

End of list

Russian Vulnerability Scanner Database

BDU:2021-03444

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (20)