Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (ImageTragick)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was discovered that ImageMagick did not properly
sanitize certain input before passing it to the delegate
functionality. A remote attacker could create a
specially crafted image that, when processed by an
application using ImageMagick or an unsuspecting user
using the ImageMagick utilities, would lead to arbitrary
execution of shell commands with the privileges of the
user running the application. (CVE-2016-3714)

- It was discovered that certain ImageMagick coders and
pseudo-protocols did not properly prevent security
sensitive operations when processing specially crafted
images. A remote attacker could create a specially
crafted image that, when processed by an application
using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would allow the attacker to
delete, move, or disclose the contents of arbitrary
files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)

- A server-side request forgery flaw was discovered in the
way ImageMagick processed certain images. A remote
attacker could exploit this flaw to mislead an
application using ImageMagick or an unsuspecting user
using the ImageMagick utilities into, for example,
performing HTTP(S) requests or opening FTP sessions via
specially crafted images. (CVE-2016-3718)

Note: This update contains an updated /etc/ImageMagick/policy.xml file
that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,
and LABEL coders. If you experience any problems after the update, it
may be necessary to manually adjust the policy.xml file to match your
requirements. Please take additional precautions to ensure that your
applications using the ImageMagick library do not process malicious or
untrusted files before doing so.

See also :

http://www.nessus.org/u?54ce2d75

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 91039 ()

Bugtraq ID:

CVE ID: CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now