Tag: imagemagick

OpenSSL 的安全性漏洞公告：「OpenSSL Security Advisory [3rd May 2016]」。ImageMagick 的安全性漏洞說明頁：「ImageTragick」。

CVE-2016-2107 是修 Lucky 13 問題時沒修好造成的：

This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

而 CVE-2016-2108 是組合技，從兩個「看似無害」的安全性問題開始：

This vulnerability is a combination of two bugs, neither of which individually has security impact.

The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016.

然後 Google 的人找出來可以打穿：

The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016.

另外隔壁棚的 ImageMagick 安全性問題是個慘劇，是個 RCE 等級的，而且 exploit 已經在外面跑了：

One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.