{"id":784,"date":"2021-07-23T12:38:06","date_gmt":"2021-07-23T12:38:06","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2016-3714-imagemagick\/"},"modified":"2021-07-23T12:38:06","modified_gmt":"2021-07-23T12:38:06","slug":"cve-2016-3714-imagemagick","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2016-3714-imagemagick\/","title":{"rendered":"CVE-2016-3714 ImageMagick"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

##
\nBackground Information<\/p>\n

On Tuesday, May 3 2016, ImageMagick announced a vulnerability in all versions of the ImageMagick software. ImageMagick is a software package commonly used by web services to process images.<\/p>\n

Impact<\/h2>\n

One of the reported vulnerabilities can potentially be exploited for remote code execution (RCE).
\nReleases<\/p>\n

ImageMagick has not released a fix, but plans to publish a new version of ImageMagic with the fixes soon.<\/p>\n

cPanel, L.L.C. normally releases all builds at once in order to limit the ability to reverse engineer fixes.\u2002However, this vulnerability is already wildly known and we have seen reports of it\u2019s use. In this instance, we plan to release builds as soon as they become available.<\/p>\n

At this time, the following builds are available:<\/p>\n

    \n
  • 11.56 \u2014 11.56.0.13<\/li>\n
  • 11.54 \u2014 11.54.0.23<\/li>\n
  • EDGE \u2014 11.55.9999.193<\/li>\n
  • CURRENT \u2014 11.56.0.13<\/li>\n
  • RELEASE \u2014 11.56.0.13<\/li>\n
  • STABLE \u2014 11.54.0.23<\/li>\n<\/ul>\n

    How to determine if your server is up to date<\/h2>\n

    The updated RPMs provided by cPanel will contain a changelog entry with a CVE number. To view this changelog entry run the following command:<\/p>\n

    \n
    rpm -<\/span>q --changelog <\/span>cpanel-<\/span>ImageMagick |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>3714<\/span><\/code><\/pre>\n<\/div>\n
    The output should resemble below: <\/p>\n
    \n
    -<\/span> Apply workaround for<\/span> CVE-<\/span>2016<\/span>-<\/span>3714<\/span><\/code><\/pre>\n<\/div>\n
    What to do if you are not up-to-date<\/h2>\n
    If your server is not running one of the above versions, update immediately.<\/p>\n
    To upgrade your server, navigate to WHM\u2019s Upgrade to Latest Version<\/em> interface (WHM >> Home >> cPanel >> Upgrade to Latest Version<\/em>) and click Click to Upgrade<\/em>.<\/p>\n
    To upgrade cPanel from the command line run the following commands:\n<\/p>\n
    \n
    \n\n\n
    \n
    1\n<\/span>2\n<\/span><\/code><\/pre>\n<\/td>\n
    		\n
    \/<\/span>scripts<\/span>\/<\/span>upcp<\/span>\n\/<\/span>scripts<\/span>\/<\/span>check_cpanel_rpms<\/span> --<\/span>fix<\/span> --<\/span>long<\/span>-<\/span>list<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
    To verify the new cpanel-ImageMagick RPM was installed run the following command:\n<\/p>\n
    \n
    rpm -<\/span>q --changelog <\/span>cpanel-<\/span>ImageMagick |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>3714<\/span><\/code><\/pre>\n<\/div>\n
    The output should resemble the following:\n<\/p>\n
    \n
    -<\/span> Apply workaround for<\/span> CVE-<\/span>2016<\/span>-<\/span>3714<\/span><\/code><\/pre>\n<\/div>\n
    Manual mitigation<\/h2>\n
    We will publish builds for 11.52, and 11.50 as soon as they become available. We will attempt use  WHM\u2019s Autofixer to update the policy.xml<\/code> file. For 11.52, and 11.50, you can manually mitigate this vulnerability with the following instructions.<\/p>\n
      \n
    1. \n
      Open the following file: <\/p>\n
      \n
      \/usr\/<\/span>local\/cpanel\/<\/span>3<\/span>rdparty\/etc\/<\/span>ImageMagick-<\/span>6<\/span>\/<\/span>policy.<\/span>xml<\/code><\/pre>\n<\/div>\n<\/li>\n
    2. \n
      Update the file to match the policy example below to disable the EPHEMERAL, URL, HTTPS, MVG, and MSL coders. <\/p>\n
      \n
      \n\n\n
      \n
      1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span>7\n<\/span><\/code><\/pre>\n<\/td>\n
      		\n
      <policymap<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"EPHEMERAL\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"URL\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"HTTPS\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"MVG\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"MSL\"<\/span> \/<\/span>>\n<\/<\/span>policymap<\/span>><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<\/li>\n<\/ol>\n
      How to mitigate the vulnerability for other ImageMagick installations<\/h2>\n
      If you have a local installation of ImageMagick, we recommend that you use a policy file to disable the vulnerable ImageMagick coders. The global policy for ImageMagick is usually found in the \/etc\/ImageMagick\/policy.xml<\/code> file. The following policy.xml<\/code> example disables the coders EPHEMERAL, URL, HTTPS, MVG, and MSL:<\/p>\n
      \n
      \n\n\n
      \n
      1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span>7\n<\/span><\/code><\/pre>\n<\/td>\n
      		\n
      <policymap<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"EPHEMERAL\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"URL\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"HTTPS\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"MVG\"<\/span> \/<\/span>>\n<policy<\/span> domain<\/span>=\"coder\"<\/span> rights<\/span>=\"none\"<\/span> pattern<\/span>=\"MSL\"<\/span> \/<\/span>>\n<\/<\/span>policymap<\/span>><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
      If you are still experiencing issues or need additional help, contact cPanel support.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
      ## Background Information On Tuesday, May 3 2016, ImageMagick announced a vulnerability in all versions of the ImageMagick software. ImageMagick is a software package commonly used by web services to process images. Impact One of the reported vulnerabilities can potentially be exploited for remote code execution (RCE). Releases ImageMagick has not released a fix, but …<\/p>\n","protected":false},"author":1,"featured_media":785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/784"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=784"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/784\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/785"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}