Boletines de Vulnerabilidades |
Desbordamiento de búfer en libtiff |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Principiante |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | GNU/Linux |
| Software afectado | libtiff |
Descripción |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en libtiff. La vulnerabilidad reside en el manejo de la etiqueta BitsPerSample. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante una imagen con formato TIFF especialmente diseñada que la víctima debe abrir. El código se ejecutaría con los privilegios del usuario que intente visualizar la imagen maliciosa. |
|
Solución |
|
|
Actualización de software Debian Linux (tiff) Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.dsc http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.diff.gz http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_alpha.deb ARM http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_sparc.deb SCO UnixWare 7.1.4 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34 SCO OpenServer 5.0.6 ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs210Ba_vol.tar OpenServer 5.0.7 ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar OpenServer 6.0.0 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/VOL.000.000 Mandriva Mandrakelinux 10.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libtiff3-3.6.1-4.5.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libtiff3-devel-3.6.1-4.5.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libtiff3-static-devel-3.6.1-4.5.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.5.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.5.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.5.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm Corporate Server 2.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libtiff3-3.5.7-11.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libtiff3-3.5.7-11.8.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/libtiff-3.5.7-11.8.M20mdk.src.rpm Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-3.6.1-11.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-devel-3.6.1-11.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-static-devel-3.6.1-11.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-3.6.1-12.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-devel-3.6.1-12.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2005-1544 |
| BID | |
Recursos adicionales |
|
|
Debian Security Advisory DSA 755-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00141.html SCO Security Advisory (SCOSA-2005.34) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt SCO Security Advisory SCOSA-2006.3 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt Mandriva Security Advisory (MDKSA-2006:042) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:042 |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2005-07-13 |
| 1.1 | Aviso emitido por SCO (SCOSA-2005.34) | 2005-11-28 |
| 1.2 | Aviso emitido por SCO (SCOSA-2006.3) | 2006-01-04 |
| 1.3 | Aviso emitido por Mandriva (MDKSA-2006:042) | 2006-02-20 |
| 2.0 | Exploit público disponible | 2006-03-10 |