View previous topic :: View next topic |
Author |
Message |
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1296
|
|
Back to top |
|
|
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
Posted: Wed May 04, 2016 12:49 pm Post subject: |
|
|
OK, so if I understand you correctly, it's only for users with command-line access to the server? Phew!
Though... Not sure why it would be such a widespread vulnerability in that case. |
|
Back to top |
|
|
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
Posted: Wed May 04, 2016 1:10 pm Post subject: |
|
|
Reading up on it further, this does seem to be a more critical issue. From the Ars article:
Quote: | ImageMagick suffers from a vulnerability that allows malformed images to force a Web server to execute code of an attacker's choosing. Websites that use ImageMagick and allow users to upload images are at risk of attacks that could completely compromise their security. |
Websites that allow users to upload images are at risk.
Basically, specially crafted images cause code execution. It doesn't seem to be limited to the command line, as I interpret the news. |
|
Back to top |
|
|
|