ImageMagick Remote Command Execution Vulnerability

Matt

Owner
https://blog.sucuri.net/2016/05/imagemagick-remote-command-execution-vulnerability.html

As per the thread, last night thanks to the heads up from eva2000 , I've already applied the patch to the policy.xml files for all servers that I manage for people where you have ImageMagick installed.

eg:
Code:
# convert -list policy

Path: [built-in]
  Policy: Undefined
    rights: None 

Path: /etc/ImageMagick/policy.xml
  Policy: undefined
    rights: None 
  Policy: Coder
    rights: None 
    pattern: EPHEMERAL
  Policy: Coder
    rights: None 
    pattern: HTTPS
  Policy: Coder
    rights: None 
    pattern: MVG
  Policy: Coder
    rights: None 
    pattern: MSL
  Policy: undefined
    rights: None 
#
 
Top