Legacy ImageMagick Discussions Archive

Given what you've checked I'd say you are safe in concluding that ImageMagick isn't installed on the system.

Just by way of an update, I was able to replicate all the exploits listed on https://imagetragick.com/ on CentOS7, and all with the exception of the epehmeral:/ delete on RHEL5 & CentOS5 and have deployed the mitigations below to all my systems with no issues, other than the loss of SVG thumbnailing ...

Based on the existence of an 'msl.so' on CentOS v5 it looks like MSL would be an issue too, for now I'm going to chmod 000 all of mvg.so, msl.so, url.so and label.so

Looks like MVG (and label) can be disabled on CentOSv5 by denying access to (or I guess removing / renaming) the coder plugin file(s):

chmod -v 000 /usr/lib*/ImageMagick-*/modules-*/coders/mvg.so

'label' and 'svg' can be disabled in the same way too.

The remote command execution via 'HTTPS' appears to be able to be mitigated on RHEL/CentOS v5 by updating the delegates.xml eg changing the following line in /usr/lib64/ImageMagick-6.2.8/config/delegates.xml (CentOS 5 path) <delegate decode="https" command='"wget" -q -O "%o" "https:%M"' /> to ...