This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Openwall reports :
Insufficient filtering for filename passed to delegate's command
allows remote code execution during conversion of several file
formats. Any service which uses ImageMagick to process user-supplied
images and uses default delegates.xml / policy.xml, may be vulnerable
to this issue.
It is possible to make ImageMagick perform a HTTP GET or FTP request
It is possible to delete files by using ImageMagick's 'ephemeral'
pseudo protocol which deletes files after reading.
It is possible to move image files to file with any extension in any
folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and
image.gif should exist in known location - /tmp/ for PoC (in real life
it may be web service written in PHP, which allows to upload raw txt
files and process images with ImageMagick).
It is possible to get content of the files from the server by using
ImageMagick's 'label' pseudo protocol.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true