IMAGE MAGIC critical issue

[RPG-support]

It was reported in different places about critical unfixed issue with IM.

It is highly recommended to disable some functions until the IM developer will issue the fix.

Enter the following code to: /etc/ImageMagick/policy.xml

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>

You may need to do some additional steps.

[RevengeFNF]

 

[ASTRAPI]

Red hat recommends:

 

<policymap> 
... 
<policy domain="coder" rights="none" pattern="EPHEMERAL" /> 
<policy domain="coder" rights="none" pattern="HTTPS" /> 
<policy domain="coder" rights="none" pattern="HTTP" /> 
<policy domain="coder" rights="none" pattern="URL" /> 
<policy domain="coder" rights="none" pattern="FTP" /> 
<policy domain="coder" rights="none" pattern="MVG" /> 
<policy domain="coder" rights="none" pattern="MSL" /> 
<policy domain="coder" rights="none" pattern="TEXT" /> 
<policy domain="coder" rights="none" pattern="LABEL" /> 
<policy domain="path" rights="none" pattern="@*" /> 
</policymap>

You can test it using:

 

git clone https://github.com/ImageTragick/PoCs.git
cd PoCs
./test.sh

If you get something like this you are fine:

./test.sh
testing read
SAFE

testing delete
SAFE

testing http with local port: 20073
SAFE

testing http with nonce: Q89NbhNW
SAFE

testing rce1
SAFE

testing rce2
SAFE

testing MSL
SAFE

A new version is also out:

 

6.9.3.10-1.el7