Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:129B6A9BB5C74D717E5AB861B666605D
HistoryJun 13, 2016 - 12:00 a.m.

USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry

2016-06-1300:00:00
Cloud Foundry
www.cloudfoundry.org
31

0.971 High

EPSS

Percentile

99.8%

JSON

USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick)

Medium

Vendor

Imagemagick, Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as β€˜ImageTragick’. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118)

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.65.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.65.0 or later versions

Credit

Stewie, Nikolay Ermishkin, Bob Friesenhahn

References

Related

nessus 38
openvas 33
ubuntu 1
f5 12
debian 8
osv 6
freebsd 1
oraclelinux 2
suse 12
mageia 1
redhat 1
exploitpack 1
altlinux 3
seebug 2
zdt 1
slackware 3
centos 1
amazon 1
exploitdb 2
gentoo 1
attackerkb 2
ubuntucve 6
cve 6
checkpoint_advisories 6
cvelist 6
prion 6
redhatcve 6
nvd 6
alpinelinux 1
veracode 7
debiancve 6
cert 1
hackerone 1
packetstorm 1
threatpost 2
symantec 1
archlinux 1
myhack58 1
cisa_kev 2
thn 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : ImageMagick vulnerabilities (USN-2990-1)
2016-06-03 00:00:00
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1275-1) (ImageTragick)
2016-05-13 00:00:00
Debian DSA-3580-1 : imagemagick - security update (ImageTragick)
2016-05-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2990-1)
2016-06-03 00:00:00
Debian Security Advisory DSA 3580-1 (imagemagick - security update)
2016-05-16 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-699)
2016-10-26 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-06-02 00:00:00
f5
f5
SOL03151140 - ImageMagick vulnerability CVE-2016-3714
2016-05-09 00:00:00
SOL61974123 - ImageMagick vulnerability CVE-2016-3718
2016-05-13 00:00:00
SOL10550253 - ImageMagick vulnerability CVE-2016-3715
2016-05-13 00:00:00
debian
debian
[SECURITY] [DSA 3580-1] imagemagick security update
2016-05-16 17:37:08
[SECURITY] [DSA 3580-1] imagemagick security update
2016-05-16 17:37:08
[SECURITY] [DLA 486-1] imagemagick security update
2016-05-23 02:34:38
osv
osv
imagemagick - security update
2016-05-16 00:00:00
imagemagick - security update
2016-05-23 00:00:00
graphicsmagick - security update
2016-05-21 00:00:00
freebsd
freebsd
ImageMagick -- multiple vulnerabilities
2016-05-03 00:00:00
oraclelinux
oraclelinux
ImageMagick security update
2016-05-09 00:00:00
ImageMagick security update
2016-06-16 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-05-11 17:08:09
Security update for ImageMagick (important)
2016-05-07 13:08:32
Security update for ImageMagick (important)
2016-05-07 14:07:41
mageia
mageia
Updated imagemagick/ruby-rmagic packages fix security vulnerability
2016-05-20 14:38:30
redhat
redhat
(RHSA-2016:0726) Important: ImageMagick security update
2016-05-09 16:56:15
exploitpack
exploitpack
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities
2016-05-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package ImageMagick version 6.8.4.10-alt3.M70P.1
2016-05-20 00:00:00
Security fix for the ALT Linux 6 package ImageMagick version 6.6.9.7-alt0.M60P.1
2016-06-11 00:00:00
Security fix for the ALT Linux 7 package ImageMagick version 6.8.4.10-alt3.M70P.2
2016-06-06 00:00:00
seebug
seebug
ImageMagick ε‘½δ»€ζ‰§θ‘ŒζΌζ΄ž (ImageTragick)
2016-05-04 00:00:00
Wordpress 4.5.1 Remote Command Execute
2016-05-05 00:00:00
zdt
zdt
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
2016-05-04 00:00:00
slackware
slackware
[slackware-security] imagemagick
2016-05-11 06:33:30
[slackware-security] imagemagick
2016-05-11 06:33:30
[slackware-security] imagemagick
2016-05-31 05:51:55
centos
centos
ImageMagick security update
2016-05-09 17:51:59
amazon
amazon
Important: ImageMagick
2016-05-11 11:00:00
exploitdb
exploitdb
ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
2016-05-04 00:00:00
ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)
2016-05-09 00:00:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2016-11-30 00:00:00
attackerkb
attackerkb
CVE-2016-3718
2016-05-05 00:00:00
CVE-2016-3715
2016-05-05 00:00:00
ubuntucve
ubuntucve
CVE-2016-3716
2016-05-05 00:00:00
CVE-2016-3718
2016-05-05 00:00:00
CVE-2016-3717
2016-05-05 00:00:00
cve
cve
CVE-2016-3716
2016-05-05 18:59:06
CVE-2016-5118
2016-06-10 15:59:06
CVE-2016-3717
2016-05-05 18:59:07
checkpoint_advisories
checkpoint_advisories
ImageMagick Unauthorized File Moving (CVE-2016-3716)
2016-06-29 00:00:00
GraphicsMagick and ImageMagick popen() Command Execution (CVE-2016-5118)
2017-01-08 00:00:00
ImageMagick Server Side Request Forgery (CVE-2016-3718)
2016-06-29 00:00:00
cvelist
cvelist
CVE-2016-5118
2016-06-10 15:00:00
CVE-2016-3718
2016-05-05 18:00:00
CVE-2016-3714
2016-05-05 18:00:00
prion
prion
Design/Logic Flaw
2016-06-10 15:59:00
Code injection
2016-05-05 18:59:00
Server side request forgery (ssrf)
2016-05-05 18:59:00
redhatcve
redhatcve
CVE-2016-5118
2016-05-30 11:18:26
CVE-2016-3718
2016-05-04 07:18:51
CVE-2016-3717
2016-05-03 15:48:58
nvd
nvd
CVE-2016-5118
2016-06-10 15:59:06
CVE-2016-3716
2016-05-05 18:59:06
CVE-2016-3718
2016-05-05 18:59:08
alpinelinux
alpinelinux
CVE-2016-5118
2016-06-10 15:59:06
veracode
veracode
Arbitrary File Moving
2017-02-01 08:02:13
Remote Code Execution (RCE)
2019-01-15 09:11:36
Remote Code Execution (RCE)
2017-02-01 08:53:07
debiancve
debiancve
CVE-2016-3718
2016-05-05 18:59:08
CVE-2016-3717
2016-05-05 18:59:07
CVE-2016-3716
2016-05-05 18:59:06
cert
cert
ImageMagick does not properly validate input before processing images using a delegate
2016-05-04 00:00:00
hackerone
hackerone
Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
2016-04-21 00:00:00
packetstorm
packetstorm
ImageMagick Delegate Arbitrary Command Execution
2016-05-06 00:00:00
threatpost
threatpost
Public Exploits Available for ImageMagick Vulnerabilities
2016-05-04 12:17:05
SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform
2019-06-25 22:47:50
symantec
symantec
SA151: ImageMagick RCE Vulnerability (ImageTragick)
2017-07-05 08:00:00
archlinux
archlinux
imagemagick: arbitrary code execution
2016-05-05 00:00:00
myhack58
myhack58
How to pass the command injection vulnerability fix Yahoo subsidiary production servers-vulnerability warning-the black bar safety net
2017-06-06 00:00:00
cisa_kev
cisa_kev
ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
2021-11-03 00:00:00
ImageMagick Arbitrary File Deletion Vulnerability
2021-11-03 00:00:00
thn
thn
Warning β€” Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution
2016-05-03 22:59:00

0.971 High

EPSS

Percentile

99.8%

JSON
Related for CFOUNDRY:129B6A9BB5C74D717E5AB861B666605D
nessus38openvas33ubuntu1f512debian8osv6freebsd1oraclelinux2suse12mageia1redhat1exploitpack1altlinux3seebug2zdt1slackware3centos1amazon1exploitdb2gentoo1attackerkb2ubuntucve6cve6checkpoint_advisories6cvelist6prion6redhatcve6nvd6alpinelinux1veracode7debiancve6cert1hackerone1packetstorm1threatpost2symantec1archlinux1myhack581cisa_kev2thn1