SecurityTracker: (Fedora Issues Fix for FC3) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > LibTIFF

Vendors: libtiff.org

(Fedora Issues Fix for FC3) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1012698

SecurityTracker URL: http://securitytracker.com/id/1012698

CVE Reference: CAN-2004-1308 (Links to External Site)

Date: Dec 24 2004

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 3.7.1

Description: Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code.

iDEFENSE reported that a remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

A heap overflow can be triggered in the TIFFFetchStripThing() function in 'tif_dirread.c' when processing a TIFF file containing the STRIPOFFSETS flag. [Editor's note: This bug was independently corrected by the vendor in version 3.7.0.]

It is also reported that an overflow may occur in 'tif_dirread.c' when the TIFF file contains a TIFF_ASCII or TIFF_UNDEFINED directory entry.

The vendor was notified on December 17, 2004.

infamous41md[at]hotpop.com is credited with discovering the directory entry overflow flaw.

Impact: A remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.

Solution: Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

0370e65c66788b4476863b29d697247e SRPMS/libtiff-3.6.1-8.fc3.src.rpm
2475b693e8188e003a54e94fca748031 x86_64/libtiff-3.6.1-8.fc3.x86_64.rpm
ba0f1e89001372552094f55dfe05fa66 x86_64/libtiff-
devel-3.6.1-8.fc3.x86_64.rpm
43f170c08e8a6c1c53083d98469d5428 x86_64/debug/libtiff-
debuginfo-3.6.1-8.fc3.x86_64.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4 x86_64/libtiff-3.6.1-8.fc3.i386.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4 i386/libtiff-3.6.1-8.fc3.i386.rpm
59492e392e5b0bd9e66ca8ee82627967 i386/libtiff-
devel-3.6.1-8.fc3.i386.rpm
58ff2cbc072afc35eea2efc2bac42ea4 i386/debug/libtiff-
debuginfo-3.6.1-8.fc3.i386.rpm

Vendor URL: www.libtiff.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Red Hat Fedora)

Message History: This archive entry is a follow-up to the message listed below.

LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code

Source Message Contents

Date: Wed, 22 Dec 2004 13:15:27 -0500
Subject: [SECURITY] Fedora Core 3 Update: libtiff-3.6.1-8.fc3


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-577
2004-12-22
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : libtiff
Version     : 3.6.1                      
Release     : 8.fc3                  
Summary     : A library of functions for manipulating TIFF format image
files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

---------------------------------------------------------------------
Update Information:

Fix several buffer overflow problems that could be used as an exploit.
Fixes the following security advisory: CAN-2004-1308

---------------------------------------------------------------------
* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com>

- fix some integer and buffer overflows (#143506)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

0370e65c66788b4476863b29d697247e  SRPMS/libtiff-3.6.1-8.fc3.src.rpm
2475b693e8188e003a54e94fca748031  x86_64/libtiff-3.6.1-8.fc3.x86_64.rpm
ba0f1e89001372552094f55dfe05fa66  x86_64/libtiff-
devel-3.6.1-8.fc3.x86_64.rpm
43f170c08e8a6c1c53083d98469d5428  x86_64/debug/libtiff-
debuginfo-3.6.1-8.fc3.x86_64.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4  x86_64/libtiff-3.6.1-8.fc3.i386.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4  i386/libtiff-3.6.1-8.fc3.i386.rpm
59492e392e5b0bd9e66ca8ee82627967  i386/libtiff-
devel-3.6.1-8.fc3.i386.rpm
58ff2cbc072afc35eea2efc2bac42ea4  i386/debug/libtiff-
debuginfo-3.6.1-8.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC