The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ImageMagick  CVE-2016–3714

Discussion in 'Security' started by Avensen, May 3, 2016.

Tags:
  1. Avensen

    Avensen Member

    Joined:
    Feb 27, 2007
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    1
    There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

    [Removed URL]
     
    eva2000 likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    We are handling this report with internal case CPANEL-5973. I'll update this thread with more information as it becomes available.

    Thank you.
     
    eva2000 likes this.
  3. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    There are issues with ImageMagick
    A policymap is recommended till a fix is available:
    Code:
    <policymap>
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
    </policymap>
    What is the recommendation for cpanel?
    The policy is placed (Centos 6) here:
    /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml

    A gobal policy seems not to be used by default.
     
    #3 lorio, May 4, 2016
    Last edited by a moderator: May 4, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Edit: Our security team has also created a thread on this topic with additional details at:

    cPanel Security Team - CVE-2016-3714 ImageMagick


    Hello,

    A workaround for CVE-2016-3714 is now available in the form of an automatic repair script. You can apply the workaround by running the following command:

    Code:
    /scripts/autorepair mitigate_imagemagick_cve
    Or, if you prefer to use Web Host Manager, you can append "/scripts2/autofixer" to your URL after logging in:

    Code:
    https://1.2.3.4:2087/cpsess123456789/scripts2/autofixer
    Then, submit the following under "Enter Script Name":

    Code:
    mitigate_imagemagick_cve
    In addition, the vulnerability is mitigated with CPANEL-5973:

    Fixed case CPANEL-5973: Update cpanel-ImageMagick to 6.9.0-4.cp1154.

    Systems using a version 56 build tier can update cPanel to 56.0.13 via the "/scripts/upcp" command or via "WHM >> Upgrade to Latest Version".

    Systems using a version 54 build tier can update cPanel to 54.0.23 via the "/scripts/upcp" command or via "WHM >> Upgrade to Latest Version".

    CloudLinux users should review the following blog post:

    ImageMagick Filtering Vulnerability - CVE-2016-3714

    New builds are planned for cPanel versions 11.52 and 11.50, but the time frame on those releases is not yet available.

    Additional information on CVE-2016-3714 is available at the following URL:

    ImageMagick Filtering Vulnerability - CVE-2016-3714 - Red Hat Customer Portal

    Thank you.
     
    eva2000 likes this.

Share This Page