Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 103099 Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3) |
| Informations | |||
|---|---|---|---|
| Name | SUN-103099 | First vendor Publication | 2007-10-11 |
| Vendor | Sun | Last vendor Modification | 2007-11-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System Multiple security vulnerabilities in the Solaris Tag Image File Format library (libtiff(3)) may allow a local or remote unprivileged user to crash applications that dynamically link to the "libtiff" library and execute arbitrary code with the privileges of a local user. The ability to crash an application that links to the "libtiff" library is a type of Denial of Service (DoS). Solaris ships several applications as part of the GNOME Desktop Environment that dynamically link with the "libtiff" library. These issues are described in the following documents: CVE-2006-2024 at http://www.security-database.com/detail.php?cve=CVE-2006-2024 CVE-2006-2025 at http://www.security-database.com/detail.php?cve=CVE-2006-2025 CVE-2006-2026 at http://www.security-database.com/detail.php?cve=CVE-2006-2026 Sun acknowledges with thanks, Tavis Ormandy from the Google Security Team for bringing these issues to our attention. Avoidance: Patch, Workaround State: Workaround First released: 11-Oct-2007 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_103099_multiple_security |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10593 | |||
| Oval ID: | oval:org.mitre.oval:def:10593 | ||
| Title: | Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. | ||
| Description: | Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-2025 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11389 | |||
| Oval ID: | oval:org.mitre.oval:def:11389 | ||
| Title: | Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." | ||
| Description: | Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-2026 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9893 | |||
| Oval ID: | oval:org.mitre.oval:def:9893 | ||
| Title: | Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. | ||
| Description: | Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-2024 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-17 (libtiff) File : nvt/glsa_200605_17.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1054-1 (tiff) File : nvt/deb_1054_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 25020 | LibTIFF Cleanup Functions setfield/getfield Method Arbitrary Code Execution |
| 25019 | LibTIFF tif_dirread.c TIFFFetchData Function Overflow |
| 25018 | LibTIFF TIFFFetchAnyArray() Function DoS |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office TIFF filter buffer overflow attempt RuleID : 28391 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office TIFF filter buffer overflow attempt RuleID : 28390 - Revision : 3 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0648.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1054.nasl - Type : ACT_GATHER_INFO |
| 2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO |
| 2006-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO |
| 2006-05-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-17.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-082.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-277-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-06-28 20:10:32 |
|
