ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system.
Evidence:
http://arstechnica.com/security/2016/05/exploits-gone-wild-hackers-target-critical-image-processing-bug/
https://www.us-cert.gov/ncas/current-activity/2016/05/04/ImageMagick-Vulnerability
You can fix it by editing the policy.xml file.
Add the following lines to the policy.xml file:
<policy domain="coder" rights="none" pattern="EPHEMERAL"></policy>
<policy domain="coder" rights="none" pattern="URL"></policy>
<policy domain="coder" rights="none" pattern="HTTPS"></policy>
<policy domain="coder" rights="none" pattern="MVG"></policy>
<policy domain="coder" rights="none" pattern="MSL"></policy>
<policy domain="coder" rights="none" pattern="TEXT"></policy>
<policy domain="coder" rights="none" pattern="SHOW"></policy>
<policy domain="coder" rights="none" pattern="WIN"></policy>
<policy domain="coder" rights="none" pattern="PLT"></policy>
Default File path:
Ubuntu/Debian 7/CentOS/RHEL/Arch Linux : /etc/ImageMagick/policy.xml
Debian 8/Fedora : /etc/ImageMagick-6/policy.xml
FreeBSD : /usr/local/etc/ImageMagick-6/policy.xml
CentOS with cPanel/WHM: /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
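To confirm the edit took effect, the following added example (not part of the original article or of ImageMagick) parses a policy.xml and lists which of the coders above still lack a rights="none" entry. The function names and the sample policy are constructed for illustration, and patterns are compared literally, so a coder covered only by a wildcard pattern is reported as missing.

```python
import sys
import xml.etree.ElementTree as ET

# Coders the article says to disable.
REQUIRED = ["EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT"]

# Constructed sample: a policy.xml that blocks only some of the coders.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="read" pattern="MVG" />
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>"""


def missing_coders(policy_xml, required=REQUIRED):
    """Return the required coders that have no rights="none" coder policy.

    Accepts str or bytes. Raises ET.ParseError on malformed XML, for example
    when the lines were pasted with typographic quotes instead of plain
    ASCII double quotes.
    """
    root = ET.fromstring(policy_xml)
    blocked = set()
    for policy in root.iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue  # resource, path, delegate, ... entries are not relevant here
        if policy.get("rights", "").lower() != "none":
            continue  # read/write rights leave the coder usable
        blocked.add(policy.get("pattern", "").upper())
    return [coder for coder in required if coder not in blocked]


def check_file(path):
    # Read as bytes so the XML declaration's encoding is honoured by the parser.
    with open(path, "rb") as fh:
        return missing_coders(fh.read())


if __name__ == "__main__":
    # Pass the policy.xml path for your distribution; with no argument the
    # constructed sample is checked instead.
    missing = check_file(sys.argv[1]) if len(sys.argv) > 1 else missing_coders(SAMPLE_POLICY)
    print("coders not blocked:", ", ".join(missing) if missing else "none")
    sys.exit(1 if missing else 0)
```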