Security companies have seen attacks trying to exploit the recently published remote code execution flaws in the ImageMagick web server library
Over the past week, security researchers have seen an increase in attempts by hackers to find servers vulnerable to the remote code execution vulnerabilities recently discovered in the ImageMagick web server library.
These flaws were disclosed on Tuesday by researchers who had reason to believe that attackers already knew about them after the initial fix by the ImageMagick developers proved incomplete. The flaws were collectively dubbed ImageTragick, and a website with a lot of information was created to draw attention to them.
ImageMagick is a command-line tool that can be used to create, edit and convert images in different formats. The tool is the basis for other web server libraries, such as PHP's Imagick, Ruby's RMagick and paperclip, and Node.js's imagemagick, which are used by millions of websites.
Attackers can easily exploit the weaknesses by uploading specially crafted images to websites that use ImageMagick to process images submitted by users. So it is not surprising that attackers rushed to exploit these vulnerabilities.
Web security and optimization company CloudFlare began to see ImageTragick attacks shortly after adding detection rules for them to the Web Application Firewall used by its customers.
The company has seen exploit attempts that look like reconnaissance efforts to identify vulnerable servers, as well as attempts to use the flaws to install and run malicious files on vulnerable servers, which would give attackers persistent access.
"We do not know of a site that has been hacked successfully using ImageTragick, but it is clear that hackers are actively trying this vulnerability as it is fresh and many servers probably have not been resolved," CloudFlare researcher John Graham-Cumming said in a blog post.
Researchers from web security company Sucuri have also seen ImageTragick attacks against their clients. In these cases, the attackers attempted to exploit the vulnerability to execute unauthorized commands that opened reverse shells back to the attackers' servers.
The attacks Sucuri observed were not widespread, but that could change in the future.
"We are curious to see how it continues to evolve," Sucuri technical director Daniel Cid said on his blog. "In the past, we have seen different things happen. Some start with very modest, targeted testing, and others with more aggressive attempts at mass use. Because this vulnerability, specifically, seems to be missing some important elements, such as availability, this may explain why we see a slower, more cautious, stick-and-prod kind of approach."
Whether or not the attacks spread, server administrators should apply the available patches and the recommended policy-based mitigation as soon as possible. According to the ImageMagick developers, versions 7.0.1-1 and 6.9.3-10, as well as all subsequent versions, contain improved fixes for the ImageTragick vulnerabilities.
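A version check against the two releases named above, as an added example that is not part of the original article or of ImageMagick. The function names are hypothetical and the sample banners in the comments are constructed; it assumes the `ImageMagick X.Y.Z-N` banner format printed by `convert -version`.

```python
import re
import sys

# First releases with the improved ImageTragick fixes, per the article,
# keyed by major branch: 6.9.3-10 and 7.0.1-1.
FIXED = {6: (6, 9, 3, 10), 7: (7, 0, 1, 1)}

BANNER_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a -version banner, or None."""
    match = BANNER_RE.search(banner)
    if match is None:
        return None
    # A missing "-N" patch level is treated as 0.
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def has_improved_fix(banner):
    """True/False judged by version number alone; None if unparseable.

    Distribution packages can backport fixes without changing the upstream
    version, so False means "verify this host", not "proven vulnerable".
    """
    version = parse_version(banner)
    if version is None:
        return None
    major = version[0]
    if major > 7:
        return True       # later than both fixed branches
    if major < 6:
        return False      # older than the 6.x fix
    # Compare as integer tuples: 6.9.10 is newer than 6.9.3, which a plain
    # string comparison gets wrong.
    return version >= FIXED[major]


if __name__ == "__main__":
    # Usage: convert -version | python check_imagemagick.py
    # Constructed sample input: "Version: ImageMagick 6.9.3-7 Q16 x86_64"
    result = has_improved_fix(sys.stdin.read())
    print({True: "fixed release", False: "needs patching or verification",
           None: "no ImageMagick banner found"}[result])
    sys.exit(0 if result else 1)
```

A passing version check does not replace the policy-based mitigation the article recommends; apply both.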