Protecting Against CVE-2016-3714 (ImageMagick)
Overview
A security vulnerability has been discovered in the ImageMagick software suite that can potentially allow remote code execution.
Impact
All versions of ImageMagick are affected. An updated version has been committed and should be rolling out to repositories in the near future. Until a patch is available for all systems, Liquid Web is taking steps to block the offending payloads. Additionally, a direct modification to ImageMagick’s policy file can reduce the risk of an exploit due to the vulnerability.
Resolution
A full resolution is not possible until a patch is released and applied. That patch is expected soon; in the interim, policies that block the known exploit vectors can be added directly to ImageMagick's policy file, policy.xml. The file is located in one of two directories, depending on how the software was installed:
- /etc/ImageMagick/policy.xml
- /usr/local/etc/ImageMagick-6/policy.xml
Once located, open policy.xml in your preferred text editor and add the following nine lines at the bottom of the file, just before the closing </policymap> tag (they must sit inside the policymap element to take effect), to help minimize the risk of exploit:
<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />
<policy domain="coder" rights="none" pattern="TEXT" />
<policy domain="coder" rights="none" pattern="SHOW" />
<policy domain="coder" rights="none" pattern="WIN" />
<policy domain="coder" rights="none" pattern="PLT" />
<policy domain="path" rights="none" pattern="@*" />
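As an added example (not part of the original article), a small Python check that parses a policy.xml, reports which of the nine mitigations above are still missing, and inserts the rest just before the closing </policymap> tag so the file stays well-formed. The sample policy file below is constructed for illustration, with a shortened DTD.

```python
import xml.etree.ElementTree as ET

# The nine mitigations from the article, as (domain, pattern) pairs.
REQUIRED = [
    ("coder", "EPHEMERAL"), ("coder", "HTTPS"), ("coder", "MVG"),
    ("coder", "MSL"), ("coder", "TEXT"), ("coder", "SHOW"),
    ("coder", "WIN"), ("coder", "PLT"), ("path", "@*"),
]

# Constructed sample policy.xml with a shortened DTD; only MVG is denied so far.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)*>
  <!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
  <!ATTLIST policy rights CDATA #IMPLIED>
  <!ATTLIST policy pattern CDATA #IMPLIED>
]>
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG" />
</policymap>
"""

def missing_policies(xml_text):
    """Return the REQUIRED pairs not yet denied with rights="none"."""
    root = ET.fromstring(xml_text)
    if root.tag != "policymap":
        raise ValueError("root element is not <policymap>")
    denied = set()
    for pol in root.findall("policy"):
        if (pol.get("rights") or "").strip().lower() == "none":
            denied.add((pol.get("domain"), (pol.get("pattern") or "").upper()))
    return [(d, p) for d, p in REQUIRED if (d, p.upper()) not in denied]

def harden(xml_text):
    """Insert missing policies just before </policymap> and return the new text.
    Plain text insertion keeps the DOCTYPE and comments that ET.tostring would drop.
    """
    missing = missing_policies(xml_text)
    if not missing:
        return xml_text
    end = xml_text.rfind("</policymap>")
    if end < 0:
        raise ValueError("no closing </policymap> tag found")
    new_lines = "".join(
        f'  <policy domain="{d}" rights="none" pattern="{p}" />\n' for d, p in missing)
    patched = xml_text[:end] + new_lines + xml_text[end:]
    ET.fromstring(patched)  # fail loudly if the result is not well-formed XML
    return patched
```

Run `missing_policies()` against your real policy.xml after editing it; an empty list means all nine entries are present and parsed inside the policymap element.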
Managed customers who need help editing the policy file may contact Heroic Support® for assistance.
About the Author: dpepper