ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system.
Evidence:
http://arstechnica.com/security/2016/05/exploits-gone-wild-hackers-target-critical-image-processing-bug/
https://www.us-cert.gov/ncas/current-activity/2016/05/04/ImageMagick-Vulnerability
You can mitigate it by editing the policy.xml file.
Add the following lines to the policy.xml file:
<policy domain="coder" rights="none" pattern="EPHEMERAL"></policy>
<policy domain="coder" rights="none" pattern="URL"></policy>
<policy domain="coder" rights="none" pattern="HTTPS"></policy>
<policy domain="coder" rights="none" pattern="MVG"></policy>
<policy domain="coder" rights="none" pattern="MSL"></policy>
<policy domain="coder" rights="none" pattern="TEXT"></policy>
<policy domain="coder" rights="none" pattern="SHOW"></policy>
<policy domain="coder" rights="none" pattern="WIN"></policy>
<policy domain="coder" rights="none" pattern="PLT"></policy>
Default file paths:
Ubuntu/Debian 7/CentOS/RHEL/Arch Linux: /etc/ImageMagick/policy.xml
Debian 8/Fedora: /etc/ImageMagick-6/policy.xml
FreeBSD: /usr/local/etc/ImageMagick-6/policy.xml
CentOS with cPanel/WHM: /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
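To confirm the edit took effect, the following added example (not part of the original post or of ImageMagick) parses a policy.xml and reports which of the coder patterns listed above are still not denied. The function names and the sample policy text are constructed for illustration, and the check assumes patterns are written as exact names rather than glob expressions.

```python
import xml.etree.ElementTree as ET

# Coder patterns taken from the policy lines listed in this post.
REQUIRED = ["EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT"]


def unblocked_coders(policy_xml, required=REQUIRED):
    """Return the required coder patterns that policy_xml does not deny.

    Raises ValueError when the text is not well-formed XML, for example
    when typographic quotes were pasted in place of straight ASCII quotes.
    Assumption: exact pattern names only; glob patterns are not expanded.
    """
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        raise ValueError(f"policy.xml is not well-formed: {exc}") from exc
    denied = set()
    for policy in root.iter("policy"):
        is_coder = policy.get("domain", "").lower() == "coder"
        is_none = policy.get("rights", "").lower() == "none"
        if is_coder and is_none:
            denied.add(policy.get("pattern", "").upper())
    return [name for name in required if name not in denied]


def build_policy(patterns):
    """Build a constructed sample policy.xml body denying the given coders."""
    rows = "".join(
        f'  <policy domain="coder" rights="none" pattern="{p}" />\n' for p in patterns
    )
    return f"<policymap>\n{rows}</policymap>\n"


if __name__ == "__main__":
    # Constructed sample: every pattern from the post except PLT is denied.
    partial = build_policy(REQUIRED[:-1])
    print("Still allowed:", unblocked_coders(partial))
    # Constructed sample: curly quotes make the file unparseable.
    try:
        unblocked_coders("<policymap><policy domain=\u201dcoder\u201d /></policymap>")
    except ValueError as err:
        print("Rejected:", err)
```

To check a real installation, read the file at the path for your distribution and pass its contents to unblocked_coders; an empty list means all nine coders are denied.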