ImageMagick, the popular image viewer bundled with various distributions of Linux and sometimes used as the defacto image viewer in mail clients, has a vulnerability that can lead to arbitrary code execution with the privileges of the user running the program.
5a4292f4fc03c31a1515095fe313548698146bb7a2b590e49fd261404826ab6e<html>
<BODY TEXT="#000000" BGCOLOR="#DBF0FF" LINK="#0000FF" VLINK="#008080" ALINK="#800000" title="bugs">
<b><font face="Arial Black" size="6"><u><p align="center">vulnerabilities</p></u></font></b>
<p><hr><p>
<p><h4 align = 'center'>2003-07-14</h4><p><b><h2 align = 'center'><FONT COLOR='#FF0000'>ImageMagick's Segmentation fault</b></FONT></h2><p><p><center><h2><b>Rosiello Security's Advisory</b></h2></center>
<p><b>I. BACKGROUND</b>
<br>
The ImageMagick (display) is an image viewer.<br>
ImageMagick is part of the KDE desktop and is<br>
bundled with all major Linux distributions.<br>
<p><b>II. DESCRIPTION</b>
<br>
A vulnerability was found in this application that could lead to the<br>
execution of arbitrary code with the privileges of the user running the program.<br>
This vulnerability can be exploited from within email clients that use ImageMagick<br>
as default for image viewing.<br>
It is possible that an user could load the "malicious" file directly,exploiting him self.
<br>
<p><b>III. ANALYSYS</b>
<br>
Class: Input validation error<br>
Remotely Exploitable: No<br>
Locally Exploitable: Yes but hardly<br>
Exploitation can provide local attackers with user access to an affected system.<br>
The following shows how the "malicious" file can cause the crash of ImageMagick.<br>
[root@localhost root]# ls -l /usr/X11R6/bin/display<br>
-rwxr-xr-x 1 root root 30564 Mar 14 2002 /usr/X11R6/bin/display<br>
[root@localhost root]# touch %x<br>
[root@localhost root]# gdb display<br>
(gdb) r<br>
Starting program: /usr/X11R6/bin/display<br>
[New Thread 1024 (LWP 757)]<br>
<br><br>
At this point open the file "%x" via ImageMagick.<br>
On the gdb prompt you will see the following:<br>
<br>
Program received signal SIGSEGV, Segmentation fault.<br>
[Switching to Thread 1024 (LWP 757)]<br>
0x4003cf0b in SetExceptionInfo () from /usr/X11R6/lib/libMagick.so.5<br>
(gdb)<br>
<p><b>IV. DETECTION</b>
<br>
All distributions supporting ImageMagick are affected.<br>
Red Hat, Mandrake, Suse and maybe others.<br>
Vulnerable Packages:<br>
Up to 5.4.3.x, all versions are vulnerable but the last one.<br>
Mainteiners were informed and consented about this Advisory.
<p><b>VI. CREDITS</b>
<br>
This vulnerability was found by Angelo Rosiello.<br>
<br>
http://www.rosiello.org<br>
&<br>
http://www.dtors.net<br>
<br>
CONTACT: <b>angelo@rosiello.org</b><br>
<p><b>Software: <a href='../archivio/'></b></a></body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed