[Full-Disclosure] UnixWare 7.1.4 : Multiple Vulnerabilities in libpng

please_reply_to_security_at_sco.com
Date: 10/12/04

  • Next message: Gregory Gilliss: "Re: [Full-Disclosure] Quicky Analysis of a Proxy/Zombie Network"
    To: security-announce@list.sco.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    Date: Tue, 12 Oct 2004 10:30:37 -0700 (PDT)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: UnixWare 7.1.4 : Multiple Vulnerabilities in libpng
    Advisory number: SCOSA-2004.16
    Issue date: 2004 October 07
    Cross reference: sr891394 fz530149 erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464 TA04-217A
    ______________________________________________________________________________

    1. Problem Description

            Several vulnerabilities exist in the libpng library, the
            most serious of which could allow a remote attacker to
            execute arbitrary code on an affected system.

            CERT Technical Cyber Security Alert TA04-217A

            VU#388984 - libpng fails to properly check length of
                        transparency chunk (tRNS) data. The
                        Common Vulnerabilities and Exposures project
                        (cve.mitre.org) has assigned the following name
                        CAN-2004-0597 to this issue.

            VU#236656 - libpng png_handle_iCCP() NULL pointer dereference
                        The Common Vulnerabilities and Exposures project
                        (cve.mitre.org) has assigned the following name
                        CAN-2004-0598 to this issue.

            VU#160448 - libpng integer overflow in image height processing
                        The Common Vulnerabilities and Exposures project
                        (cve.mitre.org) has assigned the following name
                        CAN-2004-0599 to this issue.

            VU#477512 - libpng png_handle_sPLT() integer overflow
                        The Common Vulnerabilities and Exposures project
                        (cve.mitre.org) has assigned the following name
                        CAN-2004-0599 to this issue.

            VU#817368 - libpng png_handle_sBIT() performs insufficient
                        bounds checking. The Common Vulnerabilities
                        and Exposures project (cve.mitre.org) has assigned
                        the following name CAN-2004-0597 to this issue.

            VU#286464 - libpng contains integer overflows in progressive display
                        image reading. The Common Vulnerabilities and Exposures
                        project (cve.mitre.org) has assigned the following name
                        CAN-2004-0599 to this issue.

    2. Vulnerable Supported Versions

            System Files
            ----------------------------------------------------------------------
            UnixWare 7.1.4 /usr/include/png.h
                                            /usr/include/pngconf.h
                                            /usr/lib/libpng.a
                                            /usr/lib/libpng.so.3.1.2.7
                                            /usr/man/man.3/libpng.3
                                            /usr/man/man.3/libpngpf.3
                                            /usr/man/man.5/png.5
    3. Solution

            The proper solution is to install the latest packages.

    4. UnixWare 7.1.4

            4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16

            4.2 Verification

            MD5 (erg712684.pkg) = 78920b002aaeb097149084dc7451ce83

            md5 is available for download from
                    ftp://ftp.sco.com/pub/security/tools

            4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following sequence:

            Download erg712684.pkg to the /var/spool/pkg directory

            # pkgadd -d /var/spool/pkg/erg712684.pkg

    5. References

            Specific references for this advisory:
                    http://libpng.sourceforge.net
                    http://www.libpng.org/pub/png
                    http://scary.beasts.org/security/CESA-2004-001.txt
                    http://www.us-cert.gov/cas/techalerts/TA04-217A.html
                    http://www.kb.cert.org/vuls/id/388984
                    http://www.kb.cert.org/vuls/id/817368
                    http://www.kb.cert.org/vuls/id/286484
                    http://www.kb.cert.org/vuls/id/477512
                    http://www.kb.cert.org/vuls/id/160448
                    http://www.kb.cert.org/vuls/id/236656
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

            SCO security resources:
                    http://www.sco.com/support/security/index.html

            SCO security advisories via email
                    http://www.sco.com/support/forums/security.html

            This security fix closes SCO incidents sr891394 fz530149
            erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
            CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512
            VU#817368 VU#286464.

    6. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers
            intended to promote secure installation and use of SCO
            products.

    7. Acknowledgments

            SCO would like to thank Chris Evans for researching and
            reporting these vulnerabilities.

    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

    iD8DBQFBZdG0aqoBO7ipriERAo4yAJ9Jq0kJcbjQ7Pi/aeRbTWk9zsk/owCffQxQ
    wl3Jg/u6CafJ0Pqm4OzB3cM=
    =y7cQ
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Gregory Gilliss: "Re: [Full-Disclosure] Quicky Analysis of a Proxy/Zombie Network"

    Relevant Pages