lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 14 Jul 2003 11:31:43 -0000
From: Angelo Rosiello <guilecool@....com>
To: bugtraq@...urityfocus.com
Subject: ImageMagick's Overflow






                       ImageMagick's Overflow


                    Rosiello Security's Advisory
                                 &
                               DTORS

http://www.rosiello.org


I. BACKGROUND 
The ImageMagick (display) is an image viewer.
ImageMagick is part of the KDE desktop and is
bundled with all major Linux distributions.


II. DESCRIPTION 
A vulnerability was found in this application that could lead to the
execution of arbitrary code with the privileges of the user running the 
program.
This vulnerability can be exploited from within email clients that use 
ImageMagick
as default for image viewing.
It is possible that an user could load the "malicious" file 
directly,exploiting him self. 


III. ANALYSYS 
Class: Input validation error
Remotely Exploitable: No
Locally Exploitable: Yes but hardly
Exploitation can provide local attackers with user access to an affected 
system.
The following shows how the "malicious" file can cause the crash of 
ImageMagick.
[root@...alhost root]# ls -l /usr/X11R6/bin/display
-rwxr-xr-x 1 root root 30564 Mar 14 2002 /usr/X11R6/bin/display
[root@...alhost root]# touch %x
[root@...alhost root]# gdb display
(gdb) r
Starting program: /usr/X11R6/bin/display
[New Thread 1024 (LWP 757)]


At this point open the file "%x" via ImageMagick.
On the gdb prompt you will see the following:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 757)]
0x4003cf0b in SetExceptionInfo () from /usr/X11R6/lib/libMagick.so.5
(gdb)


IV. DETECTION 
All distributions supporting ImageMagick are affected.
Red Hat, Mandrake, Suse and maybe others.
Vulnerable Packages:
Up to 5.4.3.x, all versions are vulnerable but the last one.
Mainteiners were informed and consented about this Advisory. 

VI. CREDITS 
This vulnerability was found by Angelo Rosiello.

http://www.rosiello.org
&
http://www.dtors.net

CONTACT: angelo@...iello.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ