CVE-2016-3714 PoC — ImageMagick 输入验证错误漏洞

Source

Associated Vulnerability

Description

Fix ImageMagick Command Injection (CVE-2016-3714) with Ansible.

Readme

Ansible Role: CVE-2016-3714
=========

[![Build Status](https://travis-ci.org/chusiang/CVE-2016-3714.ansible.role.svg?branch=master)](https://travis-ci.org/chusiang/CVE-2016-3714.ansible.role) [![Ansible Galaxy](https://img.shields.io/badge/role-CVE--2016--3714-blue.svg)](https://galaxy.ansible.com/chusiang/CVE-2016-3714/)


Fix **ImageMagick Command Injection (CVE-2016-3714)** security issue with Ansible.

Requirements
------------

Any installed imagemagick and before v6.7.7.10 machine.

Role Variables
--------------

A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml.

    policy_path: "/etc/ImageMagick/policy.xml"
    injection_src: "/etc/passwd"
    injection_dest: "/tmp/hack.txt"

Dependencies
------------

none.

Example Playbook
----------------

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

    - hosts: servers
      roles:
         - { role: chusiang.CVE-2016-3714 }

License
-------

Copyright (c) chusiang from 2016 under the MIT license.

File Snapshot

 [4.0K]  /data/pocs/19da9a644744ba637b012aa012ae13910a313725
├── [4.0K]  defaults
│   └── [ 157]  main.yml
├── [1.1K]  LICENSE
├── [ 190]  Makefile
├── [4.0K]  meta
│   └── [1.7K]  main.yml
├── [1.1K]  README.md
├── [ 109]  requirements.yml
├── [ 320]  setup.yml
├── [4.0K]  tasks
│   ├── [ 860]  fix_imagemagick_injection.yml
│   └── [ 402]  main.yml
├── [4.0K]  templates
│   ├── [ 152]  exploit.png.j2
│   └── [2.6K]  policy.xml.j2
├── [4.0K]  tests
│   ├── [ 659]  Dockerfile.debian7
│   ├── [ 659]  Dockerfile.debian8
│   ├── [ 667]  Dockerfile.ubuntu1204
│   └── [ 663]  Dockerfile.ubuntu1404
└── [1.6K]  Vagrantfile

5 directories, 16 files

Remarks