Search found 5 matches

by trav
2016-05-07T04:17:31-07:00
Forum: Developers
Topic: CentOS 6 Question...
Replies: 1
Views: 2549

Re: CentOS 6 Question...

Given what you've checked I'd say you are safe in concluding that ImageMagick isn't installed on the system.
by trav
2016-05-07T03:58:44-07:00
Forum: Developers
Topic: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability
Replies: 23
Views: 17715

Re: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability

Just by way of an update, I was able to replicate all the exploits listed on https://imagetragick.com/ on CentOS7, and all with the exception of the epehmeral:/ delete on RHEL5 & CentOS5 and have deployed the mitigations below to all my systems with no issues, other than the loss of SVG thumbnailing...
by trav
2016-05-05T02:02:02-07:00
Forum: Developers
Topic: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability
Replies: 23
Views: 17715

Re: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability

Based on the existence of an 'msl.so' on CentOS v5 it looks like MSL would be an issue too, for now I'm going to chmod 000 all of mvg.so, msl.so, url.so and label.so
by trav
2016-05-05T00:35:23-07:00
Forum: Developers
Topic: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability
Replies: 23
Views: 17715

Re: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability

Looks like MVG (and label) can be disabled on CentOSv5 by denying access to (or I guess removing / renaming) the coder plugin file(s):

chmod -v 000 /usr/lib*/ImageMagick-*/modules-*/coders/mvg.so

'label' and 'svg' can be disabled in the same way too.
by trav
2016-05-04T23:43:07-07:00
Forum: Developers
Topic: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability
Replies: 23
Views: 17715

Re: Is there a work around for RHEL 5 concerning the Imagemagic Security vulnerability

The remote command execution via 'HTTPS' appears to be able to be mitigated on RHEL/CentOS v5 by updating the delegates.xml eg changing the following line in /usr/lib64/ImageMagick-6.2.8/config/delegates.xml (CentOS 5 path) <delegate decode="https" command='"wget" -q -O "%o" "https:%M"' /> to someth...