Executive Summary
Summary | |
---|---|
Title | tiff vulnerability |
Informations | |||
---|---|---|---|
Name | USN-797-1 | First vendor Publication | 2009-07-06 |
Vendor | Ubuntu | Last vendor Modification | 2009-07-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service. |
Original Source
Url : http://www.ubuntu.com/usn/USN-797-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10145 | |||
Oval ID: | oval:org.mitre.oval:def:10145 | ||
Title: | Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | ||
Description: | Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2285 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13570 | |||
Oval ID: | oval:org.mitre.oval:def:13570 | ||
Title: | USN-797-1 -- tiff vulnerability | ||
Description: | It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-797-1 CVE-2009-2285 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7049 | |||
Oval ID: | oval:org.mitre.oval:def:7049 | ||
Title: | LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability | ||
Description: | Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2285 | Version: | 17 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Apple Safari Apple iTunes |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for libtiff CESA-2009:1159 centos3 i386 File : nvt/gb_CESA-2009_1159_libtiff_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for libtiff CESA-2009:1159 centos5 i386 File : nvt/gb_CESA-2009_1159_libtiff_centos5_i386.nasl |
2010-06-25 | Name : Fedora Update for libtiff FEDORA-2010-10359 File : nvt/gb_fedora_2010_10359_libtiff_fc11.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:169-1 (libtiff) File : nvt/mdksa_2009_169_1.nasl |
2009-10-13 | Name : SLES10: Security update for libtiff File : nvt/sles10_libtiff.nasl |
2009-10-11 | Name : SLES11: Security update for libtiff3 File : nvt/sles11_libtiff3.nasl |
2009-10-10 | Name : SLES9: Security update for libtiff File : nvt/sles9p5055047.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:169 (libtiff) File : nvt/mdksa_2009_169.nasl |
2009-08-17 | Name : Gentoo Security Advisory GLSA 200908-03 (tiff) File : nvt/glsa_200908_03.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1159 (libtiff) File : nvt/ovcesa2009_1159.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1159 File : nvt/RHSA_2009_1159.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:150 (libtiff) File : nvt/mdksa_2009_150.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7775 (libtiff) File : nvt/fcore_2009_7775.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7724 (libtiff) File : nvt/fcore_2009_7724.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7717 (mingw32-libtiff) File : nvt/fcore_2009_7717.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1835-1 (tiff) File : nvt/deb_1835_1.nasl |
2009-07-15 | Name : Ubuntu USN-797-1 (tiff) File : nvt/ubuntu_797_1.nasl |
2009-07-07 | Name : LibTIFF TIFF Image Buffer Underflow Vulnerability File : nvt/gb_libtiff_buf_vuln.nasl |
2009-07-06 | Name : Fedora Core 11 FEDORA-2009-7417 (libtiff) File : nvt/fcore_2009_7417.nasl |
2009-07-06 | Name : Fedora Core 10 FEDORA-2009-7358 (libtiff) File : nvt/fcore_2009_7358.nasl |
2009-07-06 | Name : Fedora Core 9 FEDORA-2009-7335 (libtiff) File : nvt/fcore_2009_7335.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55265 | LibTIFF libtiff/tif_lzw.c LZWDecodeCompat() Function TIFF File Handling Under... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0027.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2013-04-11 | Name : The remote Mac OS X host contains a photo organization application that is af... File : macosx_picasa_3_9_14_34.nasl - Type : ACT_GATHER_INFO |
2013-04-11 | Name : The photo organizer running on the remote Windows host has multiple vulnerabi... File : google_picasa_3_9_136_17.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_libtiff_for_SL3_0_x.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_9_1_banner.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_9_1.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_5.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1835.nasl - Type : ACT_GATHER_INFO |
2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-169.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libtiff3-6340.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-6337.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtiff3-090703.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12448.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-03.nasl - Type : ACT_GATHER_INFO |
2009-08-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtiff3-090703.nasl - Type : ACT_GATHER_INFO |
2009-08-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff3-090703.nasl - Type : ACT_GATHER_INFO |
2009-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7763.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7717.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2009-07-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-150.nasl - Type : ACT_GATHER_INFO |
2009-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-797-1.nasl - Type : ACT_GATHER_INFO |
2009-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7335.nasl - Type : ACT_GATHER_INFO |
2009-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7358.nasl - Type : ACT_GATHER_INFO |
2009-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7417.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119901-17 File : solaris10_x86_119901.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119900-18 File : solaris10_119900.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:04 |
|