[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050407135019.A1957@caldera.com>
Date: Thu, 7 Apr 2005 13:50:20 -0700
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.4 : libtiff Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : libtiff Multiple vulnerabilities
Advisory number: SCOSA-2005.19
Issue date: 2005 April 07
Cross reference: sr892971 fz531015 erg712790 CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0929 CAN-2004-1183 CAN-2004-1308
______________________________________________________________________________
1. Problem Description
Updated libtiff fixes several vulnerabilities:
Multiple vulnerabilities in the RLE (run length encoding)
decoders for libtiff 3.6.1 and earlier, related to buffer
overflows and integer overflows, allow remote attackers to
execute arbitrary code via TIFF files.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0803 to this issue.
Vulnerability in in tif_dirread.c for libtiff allows remote
attackers to cause a denial of service (application crash)
via a TIFF image that causes a divide-by-zero error when
the number of row bytes is zero.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0804 to this issue.
Multiple integer overflows in libtiff 3.6.1 and earlier allow
remote attackers to cause a denial of service (crash or memory
corruption) via TIFF images that lead to incorrect malloc calls.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0886 to this issue.
Heap-based buffer overflow in the OJPEGVSetField function
in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled
with the OJPEG_SUPPORT (old JPEG support) option, allows
remote attackers to execute arbitrary code via a malformed
TIFF image.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0929 to this issue.
Integer overflow in the tiffdump utility for libtiff 3.7.1 and
earlier allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a
crafted TIFF file.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-1183 to this issue.
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c
for libtiff 3.5.7 and 3.7.0 allows remote attackers to
execute arbitrary code via a TIFF file containing a TIFF_ASCII
or TIFF_UNDEFINED directory entry with a -1 entry count,
which leads to a heap-based buffer overflow.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1308 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 libtiff distribution
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19
4.2 Verification
MD5 (tiff.image) = c9f976565559059f1ae413886a43c063
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download tiff.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/tiff.image
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr892971 fz531015
erg712790.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank iDEFENSE and infamous41md[at]hotpop.com
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)
iD8DBQFCVZtCaqoBO7ipriERAq0NAKCJyEGo562Bx4SGIYb7DQnXycvavACfXj9H
MFkNw5rfq8K3bHt9nip2nQ0=
=cjWx
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists