Executive Summary

Title : TIFF library vulnerabilities
Name : USN-277-1
First vendor Publication : 2006-05-03
Vendor : Ubuntu
Last vendor Modification : 2006-05-03
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score : 6.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 8
Authentication : Requires single instance


A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for Ubuntu 5.10). After a standard system upgrade you need to reboot your computer to effect the necessary changes, since this library is used by many client and server applications.

Details follow:

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges.

Original Source

Url : http://www.ubuntu.com/usn/USN-277-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10593
Oval ID: oval:org.mitre.oval:def:10593
Title: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Description: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2025
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4
Definition Id: oval:org.mitre.oval:def:11389
Oval ID: oval:org.mitre.oval:def:11389
Title: Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
Description: Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
Family: unix Class: vulnerability
Reference(s): CVE-2006-2026
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4
Definition Id: oval:org.mitre.oval:def:9572
Oval ID: oval:org.mitre.oval:def:9572
Title: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
Description: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2120
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4
Definition Id: oval:org.mitre.oval:def:9893
Oval ID: oval:org.mitre.oval:def:9893
Title: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Description: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2024
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4

CPE : Common Platform Enumeration

Application 40

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-17 (libtiff)
File : nvt/glsa_200605_17.nasl
2008-01-17 Name : Debian Security Advisory DSA 1054-1 (tiff)
File : nvt/deb_1054_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1078-1 (tiff)
File : nvt/deb_1078_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
25230 LibTIFF TIFFToRGB() Color Mapping Value Overflows

25020 LibTIFF Cleanup Functions setfield/getfield Method Arbitrary Code Execution

25019 LibTIFF tif_dirread.c TIFFFetchData Function Overflow

25018 LibTIFF TIFFFetchAnyArray() Function DoS

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office TIFF filter buffer overflow attempt
RuleID : 28391 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office TIFF filter buffer overflow attempt
RuleID : 28390 - Revision : 3 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1054.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1078.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO
2006-05-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200605-17.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-082.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-277-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:03:25
  • Multiple Updates