Date: Sun, 29 May 2016 22:02:53 -0400 (EDT)
From: cve-assign@...re.org
To: bfriesen@...ple.dallas.tx.us
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename

> if the first character of the file specification is
> a '|', then the remainder of the filename is passed to the shell for
> execution using the POSIX popen(3C) function
> 
> The simple solution to the problem is to disable the popen support
> (HAVE_POPEN) in GraphicsMagick's magick/blob.c as is done by the
> attached patch.

Use CVE-2016-5118.


> Previously supplied recommended patches for GraphicsMagick do
> successfully block this attack vector in SVG and MVG.

If there was a previous announcement of a vulnerability fix for a
subset of the exploitation methodologies, then a separate CVE ID is
also needed. The scope of CVE-2016-5118 is only the new "initial |
character" information announced in the
http://www.openwall.com/lists/oss-security/2016/05/29/7 post.

(For example, if there had previously been any type of announcement
that the

  xlink:href="|

substring was being blocked in the native SVG readers, then that can
have its own unique CVE ID.)

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
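
Added example, not part of the original message and not GraphicsMagick's or ImageMagick's code: a simplified C model of the behaviour quoted above, where a file specification starting with '|' reaches popen(), next to a variant with no popen path (the effect of building without HAVE_POPEN). The function names, the `blob_t` struct and the harmless `echo` command are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

typedef struct {
    FILE *fp;
    int is_pipe;              /* 1 if fp came from popen() */
} blob_t;

/* "Before": a leading '|' hands the rest of the specification to the shell. */
static int open_blob_legacy(const char *spec, blob_t *b)
{
    b->is_pipe = (spec[0] == '|');
    b->fp = b->is_pipe ? popen(spec + 1, "r") : fopen(spec, "rb");
    return b->fp != NULL;
}

/* "After": no popen path, so "|..." is only an ordinary (missing) file name. */
static int open_blob_hardened(const char *spec, blob_t *b)
{
    b->is_pipe = 0;
    b->fp = fopen(spec, "rb");
    return b->fp != NULL;
}

/* Returns 1 if opening `spec` ran a shell command whose output starts with `marker`. */
static int spec_ran_command(int (*opener)(const char *, blob_t *),
                            const char *spec, const char *marker)
{
    blob_t b;
    char buf[64] = "";
    int ran = 0;

    if (!opener(spec, &b))
        return 0;
    if (fgets(buf, sizeof buf, b.fp) && strncmp(buf, marker, strlen(marker)) == 0)
        ran = 1;
    if (b.is_pipe) pclose(b.fp); else fclose(b.fp);
    return ran;
}

int main(void)
{
    const char *spec = "|echo shell-was-invoked";   /* constructed, harmless input */
    printf("legacy:   %d\n", spec_ran_command(open_blob_legacy, spec, "shell-was-invoked"));
    printf("hardened: %d\n", spec_ran_command(open_blob_hardened, spec, "shell-was-invoked"));
    return 0;
}
```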