Amazon Linux AMI update for ImageMagick
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 |
| CWE-ID | CWE-20 CWE-200 CWE-918 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Vulnerability #5 is being exploited in the wild. |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU5846
Risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2016-3714
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to insufficient filtering for filename passed to delegate's command. A remote attacker can create a specially crafted image containing shell metacharacters, trick the victim into opening it via application using ImageMagick, will trigger an input validation flaw and execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Update the affected packages:
i686:Vulnerable software versions
ImageMagick-doc-6.7.8.9-13.19.amzn1.i686
ImageMagick-perl-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-6.7.8.9-13.19.amzn1.i686
ImageMagick-6.7.8.9-13.19.amzn1.i686
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686
ImageMagick-devel-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686
src:
ImageMagick-6.7.8.9-13.19.amzn1.src
x86_64:
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-699.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Input validation error
EUVDB-ID: #VU5847
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-3715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to delete arbitrary files on the target system.
The weakness exists due to input validation error. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger an error in the ephemeral pseudo-protocol and delete certain files on the affected system.
Successful exploitation of the vulnerability results in deletion of arbitrary files on the vulnerable system.
Update the affected packages:
i686:Vulnerable software versions
ImageMagick-doc-6.7.8.9-13.19.amzn1.i686
ImageMagick-perl-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-6.7.8.9-13.19.amzn1.i686
ImageMagick-6.7.8.9-13.19.amzn1.i686
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686
ImageMagick-devel-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686
src:
ImageMagick-6.7.8.9-13.19.amzn1.src
x86_64:
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-699.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Security bypass
EUVDB-ID: #VU5848
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-3716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to properly prevent file move operations when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening, bypass security mechanism and move certain files on the affected system.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Update the affected packages:
i686:Vulnerable software versions
ImageMagick-doc-6.7.8.9-13.19.amzn1.i686
ImageMagick-perl-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-6.7.8.9-13.19.amzn1.i686
ImageMagick-6.7.8.9-13.19.amzn1.i686
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686
ImageMagick-devel-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686
src:
ImageMagick-6.7.8.9-13.19.amzn1.src
x86_64:
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-699.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Information disclosure
EUVDB-ID: #VU5849
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-3717
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening it, generate output files and obtain sensitive information.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Update the affected packages:
i686:Vulnerable software versions
ImageMagick-doc-6.7.8.9-13.19.amzn1.i686
ImageMagick-perl-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-6.7.8.9-13.19.amzn1.i686
ImageMagick-6.7.8.9-13.19.amzn1.i686
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686
ImageMagick-devel-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686
src:
ImageMagick-6.7.8.9-13.19.amzn1.src
x86_64:
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-699.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Server Side Request Forgery
EUVDB-ID: #VU5850
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-3718
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Update the affected packages:
i686:Vulnerable software versions
ImageMagick-doc-6.7.8.9-13.19.amzn1.i686
ImageMagick-perl-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-6.7.8.9-13.19.amzn1.i686
ImageMagick-6.7.8.9-13.19.amzn1.i686
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686
ImageMagick-devel-6.7.8.9-13.19.amzn1.i686
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686
src:
ImageMagick-6.7.8.9-13.19.amzn1.src
x86_64:
ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64
ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-699.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
