FreeBSD Bugzilla – Attachment 169972 Details for
Bug 209241
graphics/ImageMagick: Add VuXML entry to report vulnerability for CVE-2016-3714
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to add VuXML entry for graphics/ImageMagick multiple vulnerabilities (including "ImageTragick")
vuxml.diff (text/plain), 2.34 KB, created by
Ben Woods
on 2016-05-04 17:18:49 UTC
(
hide
)
Description:
Patch to add VuXML entry for graphics/ImageMagick multiple vulnerabilities (including "ImageTragick")
Filename:
MIME Type:
Creator:
Ben Woods
Created:
2016-05-04 17:18:49 UTC
Size:
2.34 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 414564) >+++ security/vuxml/vuln.xml (working copy) >@@ -58,6 +58,50 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="fcf0125a-1218-11e6-b4a2-bc5ff4fb5ea1"> >+ <topic>ImageMagick -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>ImageMagick</name> >+ <range><lt>6.9.3.9,1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Openwall reports:</p> >+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/05/03/18"> >+ <p>Insufficient filtering for filename passed to delegate's command allows >+ remote code execution during conversion of several file formats. Any >+ service which uses ImageMagick to process user supplied images and uses >+ default delegates.xml / policy.xml, may be vulnerable to this issue.</p> >+ <p>It is possible to make ImageMagick perform a HTTP GET or FTP request</p> >+ <p>It is possible to delete files by using ImageMagick's 'ephemeral' pseudo >+ protocol which deletes files after reading.</p> >+ <p>It is possible to move image files to file with any extension in any >+ folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and >+ image.gif should exist in known location - /tmp/ for PoC (in real life >+ it may be web service written in PHP, which allows to upload raw txt >+ files and process images with ImageMagick).</p> >+ <p>It is possible to get content of the files from the server by using >+ ImageMagick's 'label' pseudo protocol.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2016-3714</cvename> >+ <cvename>CVE-2016-3718</cvename> >+ <cvename>CVE-2016-3715</cvename> >+ <cvename>CVE-2016-3716</cvename> >+ <cvename>CVE-2016-3717</cvename> >+ <url>http://www.openwall.com/lists/oss-security/2016/05/03/18</url> >+ <url>https://imagetragick.com/</url> >+ </references> >+ <dates> >+ <discovery>2016-05-03</discovery> >+ <entry>2016-05-04</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf"> > <topic>LibreSSL -- multiple vulnerabilities</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=169972">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 209241
: 169972