(Gentoo Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011668 |
|
SecurityTracker URL: http://securitytracker.com/id/1011668
|
|
CVE Reference:
CAN-2004-0803
(Links to External Site)
|
Date: Oct 14 2004
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.6.1
|
Description:
Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code on the target user's system.
Gentoo reported that a remote user may be able to create a specially crafted image file that, when processed by the library, will execute arbitrary code with the privileges of the target user.
Chris Evans is credited with discovering these flaws.
The flaws reside in the RLE decoding routines in tif_next.c, tif_thunder.c, and potentially tif_luv.c.
Some demonstration exploit TIFFs are available at:
http://scary.beasts.org/misc/bad_next.tiff
http://scary.beasts.org/misc/bad_thunder.tiff
The original advisory is available at:
http://scary.beasts.org/security/CESA-2004-006.txt
|
Impact:
A remote user can create TIFF files that, when loaded by the target library, will execute arbitrary code.
|
Solution:
Gentoo has released a fix and indicates that all tiff library users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/tiff-3.6.1-r2"
# emerge ">=media-libs/tiff-3.6.1-r2"
|
Vendor URL: www.libtiff.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Gentoo)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 13 Oct 2004 16:45:13 +0200
Subject: [gentoo-announce] [ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
|
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig77A9C45D30841683A1E60C7E
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: tiff: Buffer overflows in image decoding
Date: October 13, 2004
ID: 200410-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple heap-based overflows have been found in the tiff library image
decoding routines, potentially allowing to execute arbitrary code with
the rights of the user viewing a malicious image.
Background
==========
The tiff library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE, to help in displaying TIFF images. xv is a multi-format image
manipulation utility that is statically linked to the tiff library.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/tiff < 3.6.1-r2 >= 3.6.1-r2
2 media-gfx/xv <= 3.10a-r7 >= 3.10a-r8
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Chris Evans found heap-based overflows in RLE decoding routines in
tif_next.c, tif_thunder.c and potentially tif_luv.c.
Impact
======
A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the tiff library, including GNOME and KDE web
browsers or mail readers.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All tiff library users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/tiff-3.6.1-r2"
# emerge ">=media-libs/tiff-3.6.1-r2"
xv makes use of the tiff library and needs to be recompiled to receive
the new patched version of the library. All xv users should also
upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-gfx/xv-3.10a-r8"
# emerge ">=media-gfx/xv-3.10a-r8"
References
==========
[ 1 ] CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200410-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
--------------enig77A9C45D30841683A1E60C7E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBbT9/vcL1obalX08RAjEpAJ9ZGFVR5am2n014FGPqDGqY8yz+tgCfX8YO
yyESfI+5aFrut8VfGWE5oHc=
=2IQA
-----END PGP SIGNATURE-----
--------------enig77A9C45D30841683A1E60C7E--
|
|
