Executive Summary
| Summary | |
|---|---|
| Title | tiff security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2256 | First vendor Publication | 2011-06-09 |
| Vendor | Debian | Last vendor Modification | 2011-06-09 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Tavis Ormandy discovered that the Tag Image File Format (TIFF) library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze2. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 3.9.5-1. We recommend that you upgrade your tiff packages. |
Original Source
| Url : http://www.debian.org/security/2011/dsa-2256 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12818 | |||
| Oval ID: | oval:org.mitre.oval:def:12818 | ||
| Title: | DSA-2256-1 tiff -- buffer overflow | ||
| Description: | Tavis Ormandy discovered that the Tag Image File Format library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution is not affected by this problem. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2256-1 CVE-2009-5022 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tiff |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13752 | |||
| Oval ID: | oval:org.mitre.oval:def:13752 | ||
| Title: | USN-1120-1 -- tiff vulnerability | ||
| Description: | tiff: TIFF manipulation and conversion tools The TIFF library could be made to run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1120-1 CVE-2009-5022 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | tiff |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21952 | |||
| Oval ID: | oval:org.mitre.oval:def:21952 | ||
| Title: | RHSA-2011:0452: libtiff security update (Important) | ||
| Description: | Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0452-01 CVE-2009-5022 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | libtiff |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23127 | |||
| Oval ID: | oval:org.mitre.oval:def:23127 | ||
| Title: | ELSA-2011:0452: libtiff security update (Important) | ||
| Description: | Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0452-01 CVE-2009-5022 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | libtiff |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28100 | |||
| Oval ID: | oval:org.mitre.oval:def:28100 | ||
| Title: | DEPRECATED: ELSA-2011-0452 -- libtiff security update (important) | ||
| Description: | [3.9.4-1.el6_0.3] - Add fix for CVE-2009-5022 Resolves: #696143 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0452 CVE-2009-5022 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | libtiff |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
| 2012-06-06 | Name : RedHat Update for libtiff RHSA-2011:0452-01 File : nvt/gb_RHSA-2011_0452-01_libtiff.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2256-1 (tiff) File : nvt/deb_2256_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for tiff USN-1120-1 File : nvt/gb_ubuntu_USN_1120_1.nasl |
| 2011-04-29 | Name : Mandriva Update for libtiff MDVSA-2011:078 (libtiff) File : nvt/gb_mandriva_MDVSA_2011_078.nasl |
| 2011-04-22 | Name : Fedora Update for libtiff FEDORA-2011-5304 File : nvt/gb_fedora_2011_5304_libtiff_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72260 | LibTIFF OJPEG Decoder tif_ojpeg.c Crafted TIFF File Handling Overflow LibTIFF is prone to an overflow condition. The OJPEGReadHeaderInfoSecStreamSof() function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libtiff-devel-110415.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libtiff-devel-110415.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0452.nasl - Type : ACT_GATHER_INFO |
| 2012-11-27 | Name : A graphic viewer installed on the remote host is affected by multiple buffer ... File : irfanview_435.nasl - Type : ACT_GATHER_INFO |
| 2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110418_libtiff_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1120-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2256.nasl - Type : ACT_GATHER_INFO |
| 2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5336.nasl - Type : ACT_GATHER_INFO |
| 2011-04-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-078.nasl - Type : ACT_GATHER_INFO |
| 2011-04-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5304.nasl - Type : ACT_GATHER_INFO |
| 2011-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0452.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:30:14 |
|
