Re: [Full-disclosure] UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 09/21/05

  • Next message: Paul: "RE: [Full-disclosure] phpBB 2.0.17 remote avatar size bug"
    Date: Tue, 20 Sep 2005 23:37:57 +0100
    To: please_reply_to_security@sco.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Wow!!

    Are they still around??

    xyberpix

    On 20 Sep 2005, at 23:30, please_reply_to_security@sco.com wrote:

    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    >
    >
    > ______________________________________________________________________
    > ________
    >
    > SCO Security Advisory
    >
    > Subject: UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code
    > exec
    > Advisory number: SCOSA-2005.34
    > Issue date: 2005 September 20
    > Cross reference: sr894564 fz532775 erg712889 CAN-2005-1544
    > ______________________________________________________________________
    > ________
    >
    >
    > 1. Problem Description
    >
    > Tavis Ormandy has reported a vulnerability in libTIFF, which
    > potentially can be exploited by malicious people to compromise
    > a vulnerable system.
    >
    > The vulnerability is caused due to a boundary error and can
    > be exploited to cause a buffer overflow via a specially crafted
    > TIFF image containing a malformed BitsPerSample tag.
    >
    > Successful exploitation may allow execution of arbitrary code,
    > if a malicious TIFF image is opened in an application linked
    > against the vulnerable library.
    >
    > The Common Vulnerabilities and Exposures project (cve.mitre.org)
    > has assigned the following name CAN-2005-1544 to this issue.
    >
    >
    > 2. Vulnerable Supported Versions
    >
    > System Binaries
    >
    > ----------------------------------------------------------------------
    > UnixWare 7.1.4 Libtiff distribution
    >
    > 3. Solution
    >
    > The proper solution is to install the latest packages.
    >
    >
    > 4. UnixWare 7.1.4
    >
    > 4.1 Location of Fixed Binaries
    >
    > ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34
    >
    > 4.2 Verification
    >
    > MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665
    >
    > md5 is available for download from
    > ftp://ftp.sco.com/pub/security/tools
    >
    > 4.3 Installing Fixed Binaries
    >
    > Upgrade the affected binaries with the following sequence:
    >
    > Download tiff.pkg to the /var/spool/pkg directory
    >
    > # pkgadd -d /var/spool/pkg/tiff.pkg
    >
    >
    > 5. References
    >
    > Specific references for this advisory:
    > http://bugzilla.remotesensing.org/show_bug.cgi?id=843
    > http://xforce.iss.net/xforce/xfdb/20533
    > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
    > http://secunia.com/advisories/15320
    >
    > SCO security resources:
    > http://www.sco.com/support/security/index.html
    >
    > SCO security advisories via email
    > http://www.sco.com/support/forums/security.html
    >
    > This security fix closes SCO incidents sr894564 fz532775
    > erg712889.
    >
    >
    > 6. Disclaimer
    >
    > SCO is not responsible for the misuse of any of the information
    > we provide on this website and/or through our security
    > advisories. Our advisories are a service to our customers
    > intended to promote secure installation and use of SCO
    > products.
    >
    >
    > 7. Acknowledgments
    >
    > The SCO Group would like to thank Travis Ormandy
    >
    > ______________________________________________________________________
    > ________
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.2 (SCO/SYSV)
    >
    > iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw
    > Gkiduk0ql3ar5iLEWYtpse0=
    > =w5vg
    > -----END PGP SIGNATURE-----
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (Darwin)

    iD8DBQFDMI9FcRMkOnlkwMERAogVAJ9iIcu5rcvOBUZwz07rKr7kCKFhXACfQ5sR
    HbqOOFF+stywNweLcAK9tWY=
    =KSpL
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Paul: "RE: [Full-disclosure] phpBB 2.0.17 remote avatar size bug"

    Relevant Pages