Vulnerability Bulletins


Multiple vulnerabilities in libTIFF

Vulnerability classification

Confidence level: Official
Impact: Obtain access
Difficulty: Advanced
Attacker requirements: Unauthenticated remote access to an exotic service

System information

Affected vendor: GNU/Linux
Affected software: libTIFF

Description

Multiple vulnerabilities have been discovered in the libTIFF library. They are described below:

- CAN-2006-2024: Multiple vulnerabilities could allow a remote attacker to cause a denial of service by means of a specially crafted TIFF image.

- CAN-2006-2025: Integer overflow in the TIFFFetchData function in tif_dirread.c. Exploitation of this vulnerability could allow a remote attacker to cause a denial of service, or even execute arbitrary code, by means of a specially crafted TIFF image.

- CAN-2006-2026: A double-free vulnerability in tif_jpeg.c could allow a remote attacker to cause a denial of service, or even execute arbitrary code, by means of a specially crafted TIFF image.

- CVE-2006-2120: Vulnerability in the TIFFToRGB function caused by an invalid memory read. Exploitation of this vulnerability could allow a remote attacker to cause a denial of service by means of a specially crafted TIFF image.

Any application that uses a vulnerable version of the libTIFF library may be affected.
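The bug class behind CAN-2006-2025, shown as an added defensive example that is not libTIFF's own code: a TIFF directory entry's payload size is count times the byte width of its field type, and in 32-bit arithmetic that product can wrap, so a buffer sized from the wrapped value is far smaller than the data later copied into it. That TIFFFetchData derives its byte count this way, and the field-type widths used, are assumptions taken from the TIFF 6.0 specification rather than from this bulletin; the unchecked computation and the overflow-checked one are placed side by side.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte width of each TIFF 6.0 field type, indexed by type code 1..12
 * (BYTE, ASCII, SHORT, LONG, RATIONAL, SBYTE, UNDEFINED, SSHORT, SLONG,
 * SRATIONAL, FLOAT, DOUBLE). Index 0 and unknown codes map to width 0.
 * Assumption: this mirrors the spec, not libTIFF's internal table. */
static const uint32_t tiff_type_width[] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

static uint32_t width_of(uint16_t type)
{
    size_t n = sizeof(tiff_type_width) / sizeof(tiff_type_width[0]);
    return type < n ? tiff_type_width[type] : 0;
}

/* Unchecked size: count * width in 32-bit arithmetic. A count of
 * 0x40000001 DOUBLEs wraps to 8, so a reader that allocates this many
 * bytes and then copies the real payload into it overflows the heap. */
uint32_t unchecked_size_of(uint16_t type, uint32_t count)
{
    return count * width_of(type);
}

/* Checked size: a return of 0 means "reject this directory entry".
 * Rejects unknown types, zero counts, and any product that would not
 * fit in 32 bits, before any allocation is sized from it. */
uint32_t checked_size_of(uint16_t type, uint32_t count)
{
    uint32_t w = width_of(type);
    if (w == 0 || count == 0)
        return 0;
    if (count > UINT32_MAX / w)      /* the overflow check that matters */
        return 0;
    return count * w;
}

int main(void)
{
    /* Constructed directory entries: a sane one and a hostile count. */
    printf("4 SHORTs: unchecked=%u checked=%u\n",
           unchecked_size_of(3, 4), checked_size_of(3, 4));
    printf("0x40000001 DOUBLEs: unchecked=%u (wrapped) checked=%u (rejected)\n",
           unchecked_size_of(12, 0x40000001u), checked_size_of(12, 0x40000001u));
    return 0;
}
```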

Solution

Software update

Debian Linux

Debian Linux 3.0
Source archives

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz

Alpha

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb

ARM

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb

Intel IA-32

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb

Intel IA-64

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb

HP Precision

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb

Motorola 680x0

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_m68k.deb

Big endian MIPS

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mips.deb

Little endian MIPS

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mipsel.deb

PowerPC

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_powerpc.deb

IBM S/390

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_s390.deb

Sun Sparc

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_sparc.deb


Debian Linux 3.1

Source

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.dsc
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz

Alpha

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_alpha.deb

AMD64

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_amd64.deb

ARM

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_arm.deb

Intel IA-32

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_i386.deb

Intel IA-64

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_ia64.deb

HP Precision

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_hppa.deb

Motorola 680x0

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_m68k.deb

Big endian MIPS

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mips.deb

Little endian MIPS

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mipsel.deb

PowerPC

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_powerpc.deb

IBM S/390

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_s390.deb

Sun Sparc

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_sparc.deb

Red Hat Linux
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 Itanium Processor
https://rhn.redhat.com/

Debian Linux (DSA 1078-1)

Debian Linux 3.1

Source
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.dsc
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.diff.gz
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz

Alpha
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_alpha.deb

AMD64
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_amd64.deb

ARM
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_arm.deb

Intel IA-32
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_i386.deb

Intel IA-64
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_ia64.deb

HP Precision
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_hppa.deb

Motorola 680x0
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_m68k.deb

Big endian MIPS
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mips.deb

Little endian MIPS
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mipsel.deb

PowerPC
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_powerpc.deb

IBM S/390
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_s390.deb

Sun Sparc
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_sparc.deb

Suse Linux
Updates can be downloaded via YaST or from the official Suse Linux FTP server.

SGI
Advanced Linux Environment 3 / RPM / Patch 10310
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10310
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Sun (201332)
Solaris 10 / SPARC / patch 119900-03
Solaris 10 / x86 / patch 119901-03
Solaris 9 / SPARC / patch 125673-01
Solaris 9 / x86 / patch 125674-01
Solaris 8 / SPARC / patch 139093-01
Solaris 8 / x86 / patch 139094-01
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standard identifiers

CVE: CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
BID: 17730, 17732, 17733, 17809

Additional resources

Debian Security Advisory DSA 1054-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00139.html

Debian Security Advisory DSA 1078-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00164.html

Red Hat Security Advisory RHSA-2006:0425-5
https://rhn.redhat.com/errata/RHSA-2006-0425.html

SUSE Security Advisory (SUSE-SR:2006:009)
http://www.novell.com/linux/security/advisories/2006_04_28.html

SGI Security Advisory (20060501-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

Sun Alert Notification (103099)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1

Sun Alert Notification (201332)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1

Version history

Version  Comment  Date
1.0  Advisory issued  2006-05-10
1.1  Advisory issued by Debian (DSA 1078-1)  2006-05-29
1.2  Advisory issued by Suse (SUSE-SR:2006:009). Advisory issued by SGI (20060501-01-U)  2006-05-30
2.0  Public exploit available. BID added  2006-06-01
2.1  Advisory issued by Sun (103099)  2007-11-14
2.2  Advisory updated by Sun (103099)  2007-11-30
2.3  Advisory updated by Sun (201332)  2008-09-04
