SB2016050301 - Multiple vulnerabilities in ImageMagick

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016050301

SB2016050301 - Multiple vulnerabilities in ImageMagick

Published: May 3, 2016 Updated: February 17, 2017

Security Bulletin ID SB2016050301
CSH Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Server Side Request Forgery (CVE-ID: CVE-2016-3718)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.

The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.

Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

2) Information disclosure (CVE-ID: CVE-2016-3717)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening it, generate output files and obtain sensitive information.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

3) Security bypass (CVE-ID: CVE-2016-3716)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to properly prevent file move operations when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening, bypass security mechanism and move certain files on the affected system.

Successful exploitation of the vulnerability results in security bypass on the vulnerable system.

4) Input validation error (CVE-ID: CVE-2016-3715)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green


The vulnerability allows a remote attacker to delete arbitrary files on the target system.

The weakness exists due to input validation error. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger an error in the ephemeral pseudo-protocol and delete certain files on the affected system.

Successful exploitation of the vulnerability results in deletion of arbitrary files on the vulnerable system.

Remediation

Install update from vendor's website.

References