Vigil@nce - ImageMagick: command execution from CWD
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can place a malicious configuration file in the
current directory of ImageMagick users, in order to execute a
command with their privileges.
Severity: 1/4
Creation date: 15/11/2010
DESCRIPTION OF THE VULNERABILITY
The ImageMagick suite contains utilities to process images.
These utilities read configuration files (coder.xml and
delegates.xml) located in the /.magick/ and
/usr/lib/ImageMagick-*/config/ directories. The delegates.xml file
can contain shell commands to run in order to process images.
However, these utilities also read configuration files located in
the current directory.
An attacker can therefore place a malicious configuration file in
the current directory of ImageMagick users, in order to execute a
command with their privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ImageMagick-command-execution-from-CWD-10123