Miembros de
Boletines de Vulnerabilidades |
Desbordamiento de búfer en libtiff |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | libtiff <= 3.8.2 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en libtiff 3.8.2 y anteriores. La vulnerabilidad reside en un error al manejar ciertos caracteres UTF-8 en la función "t2p_write_pdf_string" en "tiff2pdf". Un atacante remoto podría causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un fichero TIFF con una etiqueta "DocumentName" que contenga ciertos caracteres UTF-8. |
|
Solución |
|
|
Actualización de software Debian Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.dsc http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.diff.gz http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_alpha.deb ARM http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_ia64.deb HP Precision http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_sparc.deb Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.dsc http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.diff.gz http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_alpha.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_alpha.deb AMD64 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_amd64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_amd64.deb ARM http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_arm.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_i386.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_ia64.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_ia64.deb HP Precision http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_hppa.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_m68k.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mips.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mipsel.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_powerpc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_s390.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_sparc.deb http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_sparc.deb Mandriva Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-devel-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff3-static-devel-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libtiff-progs-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/libtiff-3.6.1-11.5.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.5.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.5.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.5.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libtiff3-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libtiff3-devel-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libtiff3-static-devel-3.6.1-11.5.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.5.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/libtiff-3.6.1-11.5.102mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-devel-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libtiff-progs-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/libtiff-3.6.1-12.4.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.4.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.4.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.4.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libtiff3-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.4.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.4.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/libtiff-3.6.1-12.4.20060mdk.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Sun(103160) Solaris 10 / SPARC / patch 119900-04 Solaris 10 / SPARC / patch 119901-04 De momento, no existe parche oficial para esta vulnerabilidad para Solaris 8 y Solaris 9. http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Red Hat (RHSA-2008:0848-7) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2006-2193 |
| BID | |
Recursos adicionales |
|
|
Debian Security Advisory (DSA 1091-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00177.html Mandriva Security Advisory (MDKSA-2006:102) http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 SUSE Security Advisory (SUSE-SR:2006:014) http://www.novell.com/linux/security/advisories/2006_14_sr.html Sun Alert Notification (103160) http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 Red Hat Security Advisory (RHSA-2008:0848-7) https://rhn.redhat.com/errata/RHSA-2008-0848.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2006-06-09 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2006:102) | 2006-06-17 |
| 1.2 | Aviso emitido por Suse (SUSE-SR:2006:014) | 2006-06-22 |
| 1.3 | Aviso emitido por Sun (103160) | 2007-11-29 |
| 1.4 | Aviso emitido por Red Hat (RHSA-2008:0848-7) | 2008-08-29 |