(Fedora Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1012697
|
|
SecurityTracker URL: http://securitytracker.com/id?1012697
|
|
CVE Reference: CAN-2004-1308
|
Date: Dec 24 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 3.7.1
|
Description: Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code.
iDEFENSE reported that a remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
A heap overflow can be triggered in the TIFFFetchStripThing() function in 'tif_dirread.c' when processing a TIFF file containing the STRIPOFFSETS flag. [Editor's note: This bug was independently corrected by the vendor in version 3.7.0.]
It is also reported that an overflow may occur in 'tif_dirread.c' when the TIFF file contains a TIFF_ASCII or TIFF_UNDEFINED directory entry.
The vendor was notified on December 17, 2004.
infamous41md[at]hotpop.com is credited with discovering the directory entry overflow flaw.
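
The advisory and the Fedora changelog name the bug class (integer and buffer overflows while reading directory entries) without showing the arithmetic. The following C is an added example, not libtiff's code or the Fedora patch: it contrasts an unchecked 32-bit size calculation for a directory entry with a checked one. The function names and the `file_size` and `max_alloc` limits are assumptions of this example; the type codes and element widths are those of the TIFF 6.0 specification.

```c
#include <stddef.h>
#include <stdint.h>

/* TIFF 6.0 field types; table index = type code, value = element width in bytes. */
enum { TIFF_ASCII = 2, TIFF_LONG = 4, TIFF_UNDEFINED = 7 };
static const uint8_t tiff_width[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Unchecked form: 32-bit arithmetic on file-supplied values wraps silently,
 * so the buffer allocated from the result can be far smaller than `count`. */
uint32_t naive_entry_bytes(uint16_t type, uint32_t count)
{
    uint32_t w = (type < 13) ? tiff_width[type] : 0;
    return count * w + (type == TIFF_ASCII ? 1u : 0u);   /* +1 for a NUL */
}

/*
 * Checked size calculation for one directory entry (hypothetical helper).
 * Returns 0 and stores the allocation size in *out, or -1 when the entry
 * must be rejected: unknown type, arithmetic wrap, data outside the file,
 * or a size above the caller's allocation limit.
 */
int checked_entry_bytes(uint16_t type, uint32_t count, uint32_t offset,
                        uint32_t file_size, uint32_t max_alloc, uint32_t *out)
{
    if (type == 0 || type >= 13)
        return -1;
    uint32_t w = tiff_width[type];
    if (count > UINT32_MAX / w)
        return -1;                       /* count * w would wrap */
    uint32_t bytes = count * w;
    /* Values longer than 4 bytes are stored at `offset` and must fit in the file. */
    if (bytes > 4 && (offset > file_size || bytes > file_size - offset))
        return -1;
    uint32_t extra = (type == TIFF_ASCII) ? 1u : 0u;
    if (bytes > max_alloc || extra > max_alloc - bytes)
        return -1;                       /* also keeps bytes + 1 from wrapping */
    *out = bytes + extra;
    return 0;
}
```
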
|
Impact: A remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
|
Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
|
Vendor URL: www.libtiff.org/
|
Cause: Boundary error
|
Underlying OS: Linux (Red Hat Fedora)
|
Underlying OS Comments: FC2
|
Reported By: Matthias Clasen <mclasen@redhat.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 22 Dec 2004 13:14:47 -0500
From: Matthias Clasen <mclasen@redhat.com>
Subject: [SECURITY] Fedora Core 2 Update: libtiff-3.5.7-21.fc2
|
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-576
2004-12-22
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libtiff
Version : 3.5.7
Release : 21.fc2
Summary : A library of functions for manipulating TIFF format image
files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF
format image files.
---------------------------------------------------------------------
Update Information:
Fix several buffer overflow problems that could be used as an exploit.
Fixes the following security advisory: CAN-2004-1308
---------------------------------------------------------------------
* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com>
- fix some integer and buffer overflows (#143506)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------