(Apple Issues Fix for Mac Pro) LibTIFF Multiple Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016671
SecurityTracker URL: http://securitytracker.com/id?1016671
CVE Reference: CVE-2006-3459
Date: Aug 9 2006
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Apple Security Advisory
Version(s): 3.7.2
Description: A vulnerability was reported in LibTIFF. A remote user can cause arbitrary code to be executed on the target user's system. Apple ImageIO is affected.
A remote user can create a specially crafted TIFF file that, when processed by the target user with an application linked with LibTIFF, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application.
Tavis Ormandy of Google discovered these vulnerabilities.
Impact: A remote user can create a TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: Apple has issued a fix for ImageIO as part of Security Update 2006-004 for Mac Pro.
The Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=304146
Vendor URL: libtiff.org/
Cause: Boundary error
Underlying OS: UNIX (OS X)
Underlying OS Comments: 10.4.7 (Mac Pro)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents
Date: Wed, 9 Aug 2006 16:55:02 -0400
Subject: About Security Update 2006-004 for Mac Pro
http://docs.info.apple.com/article.html?artnum=304146
ImageIO
CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465
OpenSSH
CVE-ID: CVE-2006-0393