Full disclosure on the heels of an exploit "Because these ImageMagick vulnerabilities are being exploited today to hijack websites, getting a public Metasploit module out quickly is critically important for defenders to test their mitigation strategies," said Tod Beardsley, senior security research manager at Rapid7 and Metasploit collaborator. HD Moore, the creator of the Metasploit penetration testing framework, promised a public Metasploit module by Wednesday. Web application developers can also investigate sandboxing ImageMagick, although the team did not provide any information on how to do so. At this time, it would be a good idea to switch to GD or other supported third-party tools to handle thumbnails and other image processing tasks.Īdministrators should also consider temporarily turning off image uploads on their Web applications until the patches are available and have been applied. For example, MediaWiki supports both the GD library and ImageMagick. Some Web applications give administrators a choice of image processing libraries. " are effective against all of the exploit samples we've seen, but we cannot guarantee they will eliminate all vectors of attack." "We recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!" the advisory said. It's also possible to remove support for HTTPS by deleting the policy from the delegates.xml configuration file. ImageMagick provided details on policies to block possible exploits on its user forums. The second is to use a policy file - the global policy.xml file is usually found in /etc/ImageMagick - to disable vulnerable ImageMagic coders. For GIF images, the first few bytes tend to start with the hex bytes "47 49 46 38," while JPEG files start with "FF D8." Check the list of magic bytes to identify other file types. The first recommendation is to verify that all image files begin with the expected "magic bytes" corresponding to the file types before sending them to ImageMagick for processing. A large number of websites are vulnerable to attack, and Web application developers and server administrators should immediately apply workarounds to mitigate the flaws. Many popular content management systems, blogging sites, and social media platforms use either the image processing tool or the library to resize, crop, and otherwise tweak images uploaded by users. The vulnerabilities affect both the ImageMagick software and the library, which is supported by more than a dozen other languages, including PHP (imagick), Ruby (rmagick and paperclip), Node.js (imagemagick), and Python. The fixes are expected to be available in versions 7.0.1-1 and 6.9.3-10, which are expected to be out by the weekend. The latest packages from the 6 and 7 branches, including the versions provided in Ubuntu 14.04 and OS X are all vulnerable.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |