SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   ImageMagick Vendors:   ImageMagick.org
ImageMagick May Execute Arbitrary Code in Malicious Image Files
SecurityTracker Alert ID:  1007194
SecurityTracker URL:  http://securitytracker.com/id/1007194
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 14 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network

Version(s): 5.4.3.x (except for the last version in that series) and prior versions
Description:   A vulnerability was reported in ImageMagick. A user can cause a target user's application to execute arbitrary code.

Angelo Rosiello and DTORS reported that a user can create a specially crafted image file so that when the target user attempts to view the file using ImageMagick, arbitrary code will be executed with the privileges of the target user.

Impact:   A user can create a file that, when viewed by ImageMagick, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.imagemagick.org/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  ImageMagick's Overflow






                       ImageMagick's Overflow


                    Rosiello Security's Advisory
                                 &
                               DTORS

http://www.rosiello.org


I. BACKGROUND 
The ImageMagick (display) is an image viewer.
ImageMagick is part of the KDE desktop and is
bundled with all major Linux distributions.


II. DESCRIPTION 
A vulnerability was found in this application that could lead to the
execution of arbitrary code with the privileges of the user running the 
program.
This vulnerability can be exploited from within email clients that use 
ImageMagick
as default for image viewing.
It is possible that an user could load the "malicious" file 
directly,exploiting him self. 


III. ANALYSYS 
Class: Input validation error
Remotely Exploitable: No
Locally Exploitable: Yes but hardly
Exploitation can provide local attackers with user access to an affected 
system.
The following shows how the "malicious" file can cause the crash of 
ImageMagick.
[root@localhost root]# ls -l /usr/X11R6/bin/display
-rwxr-xr-x 1 root root 30564 Mar 14 2002 /usr/X11R6/bin/display
[root@localhost root]# touch %x
[root@localhost root]# gdb display
(gdb) r
Starting program: /usr/X11R6/bin/display
[New Thread 1024 (LWP 757)]


At this point open the file "%x" via ImageMagick.
On the gdb prompt you will see the following:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 757)]
0x4003cf0b in SetExceptionInfo () from /usr/X11R6/lib/libMagick.so.5
(gdb)


IV. DETECTION 
All distributions supporting ImageMagick are affected.
Red Hat, Mandrake, Suse and maybe others.
Vulnerable Packages:
Up to 5.4.3.x, all versions are vulnerable but the last one.
Mainteiners were informed and consented about this Advisory. 

VI. CREDITS 
This vulnerability was found by Angelo Rosiello.

http://www.rosiello.org
&
http://www.dtors.net

CONTACT: angelo@rosiello.org


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC