Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2010-1411 First vendor Publication 2010-06-17
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12688
 
Oval ID: oval:org.mitre.oval:def:12688
Title: DSA-2084-1 tiff -- integer overflows
Description: Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 3.8.2-11.3. For the unstable distribution, this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages.
Family: unix Class: patch
Reference(s): DSA-2084-1
CVE-2010-1411
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): tiff
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 5
Os 5

OpenVAS Exploits

Date Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-02 (tiff)
File : nvt/glsa_201209_02.nasl
2011-08-09 Name : CentOS Update for libtiff CESA-2010:0519 centos5 i386
File : nvt/gb_CESA-2010_0519_libtiff_centos5_i386.nasl
2011-05-06 Name : Fedora Update for mingw32-libtiff FEDORA-2011-5955
File : nvt/gb_fedora_2011_5955_mingw32-libtiff_fc13.nasl
2011-04-19 Name : Fedora Update for libtiff FEDORA-2011-3827
File : nvt/gb_fedora_2011_3827_libtiff_fc13.nasl
2010-08-21 Name : Debian Security Advisory DSA 2084-1 (tiff)
File : nvt/deb_2084_1.nasl
2010-08-20 Name : CentOS Update for libtiff CESA-2010:0520 centos3 i386
File : nvt/gb_CESA-2010_0520_libtiff_centos3_i386.nasl
2010-08-09 Name : Mandriva Update for libtiff MDVSA-2010:145 (libtiff)
File : nvt/gb_mandriva_MDVSA_2010_145.nasl
2010-08-09 Name : Mandriva Update for libtiff MDVSA-2010:146 (libtiff)
File : nvt/gb_mandriva_MDVSA_2010_146.nasl
2010-07-12 Name : RedHat Update for libtiff RHSA-2010:0519-01
File : nvt/gb_RHSA-2010_0519-01_libtiff.nasl
2010-07-12 Name : RedHat Update for libtiff RHSA-2010:0520-01
File : nvt/gb_RHSA-2010_0520-01_libtiff.nasl
2010-07-12 Name : Fedora Update for mingw32-libtiff FEDORA-2010-10460
File : nvt/gb_fedora_2010_10460_mingw32-libtiff_fc13.nasl
2010-07-12 Name : Fedora Update for mingw32-libtiff FEDORA-2010-10469
File : nvt/gb_fedora_2010_10469_mingw32-libtiff_fc12.nasl
2010-07-06 Name : FreeBSD Ports: tiff
File : nvt/freebsd_tiff6.nasl
2010-07-06 Name : Fedora Update for libtiff FEDORA-2010-10333
File : nvt/gb_fedora_2010_10333_libtiff_fc12.nasl
2010-07-02 Name : Fedora Update for libtiff FEDORA-2010-10334
File : nvt/gb_fedora_2010_10334_libtiff_fc13.nasl
2010-06-25 Name : Fedora Update for libtiff FEDORA-2010-10359
File : nvt/gb_fedora_2010_10359_libtiff_fc11.nasl
2010-06-25 Name : Ubuntu Update for tiff vulnerabilities USN-954-1
File : nvt/gb_ubuntu_USN_954_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-180-02 libtiff
File : nvt/esoft_slk_ssa_2010_180_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
65296 Apple Safari ImageIO TIFF File Handling Multiple Overflows

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0520.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0519.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100708_libtiff_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtiff-7052.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-146.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-145.nasl - Type : ACT_GATHER_INFO
2010-08-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2084.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10469.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10460.nasl - Type : ACT_GATHER_INFO
2010-07-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10333.nasl - Type : ACT_GATHER_INFO
2010-07-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10334.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-180-02.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10359.nasl - Type : ACT_GATHER_INFO
2010-06-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-954-1.nasl - Type : ACT_GATHER_INFO
2010-06-17 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_9_2_banner.nasl - Type : ACT_GATHER_INFO
2010-06-17 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_9_2.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12618.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libtiff-devel-100524.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_313da7dc763b11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://marc.info/?l=oss-security&m=127731610612908&w=2
http://secunia.com/advisories/40181
http://secunia.com/advisories/40196
http://secunia.com/advisories/40220
http://secunia.com/advisories/40381
http://secunia.com/advisories/40478
http://secunia.com/advisories/40527
http://secunia.com/advisories/40536
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://securitytracker.com/id?1024103
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&...
http://support.apple.com/kb/HT4188
http://support.apple.com/kb/HT4196
http://support.apple.com/kb/HT4220
http://www.redhat.com/support/errata/RHSA-2010-0519.html
http://www.redhat.com/support/errata/RHSA-2010-0520.html
http://www.remotesensing.org/libtiff/v3.9.3.html
http://www.securityfocus.com/bid/40823
http://www.ubuntu.com/usn/USN-954-1
http://www.vupen.com/english/advisories/2010/1435
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2010/1512
http://www.vupen.com/english/advisories/2010/1638
http://www.vupen.com/english/advisories/2010/1731
http://www.vupen.com/english/advisories/2010/1761
https://bugzilla.redhat.com/show_bug.cgi?id=592361
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-11-28 23:08:16
  • Multiple Updates
2024-11-28 12:21:42
  • Multiple Updates
2021-05-04 12:11:26
  • Multiple Updates
2021-04-22 01:12:02
  • Multiple Updates
2020-05-23 00:25:38
  • Multiple Updates
2016-04-26 19:44:34
  • Multiple Updates
2014-02-17 10:54:51
  • Multiple Updates
2013-05-16 17:02:39
  • Multiple Updates
2013-05-10 23:22:56
  • Multiple Updates