Vulnerability Bulletins
Buffer overflow in Tk toolkit

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Denial of service
Difficulty | Expert
Attacker requirements | Remote access, without an account, to a standard service
System information

Property | Value
Affected vendor | GNU/Linux
Affected software | Tk toolkit <= 8.4.12; Tk toolkit <= 8.3.5; Sun Solaris 9; Sun Solaris 10
Description

A buffer overflow vulnerability has been found in Tk toolkit in versions 8.4.12 and earlier and in versions 8.3.5 and earlier. The vulnerability lies in an error in the FileReadGIF function in the file tkImgGIF.c. A remote attacker could cause a denial of service by means of an animated GIF file in which the first subimage is smaller than the subsequent subimage.
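The failure described above, a GIF decoder that sizes its buffer from one frame and then trusts the dimensions declared by later frames, is the kind of bug a validation pass before decoding catches. The C function below is an added example and is not code from Tk or from any of the advisories cited in this bulletin: it walks the block structure of an in-memory GIF and reports the first image descriptor whose rectangle does not fit inside the logical screen declared in the header, which is the canvas a decoder should allocate and clip every frame to. The function name, the result codes and the two sample byte sequences are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for gif_check_frames() (names chosen for this example). */
enum { GIF_OK = 0, GIF_TRUNCATED = -1, GIF_BAD_HEADER = -2 };

/* Skip a chain of GIF data sub-blocks (length byte + payload, ended by a
 * zero length byte). Returns the offset after the terminator, or SIZE_MAX
 * if the chain runs past the end of the buffer. */
static size_t skip_subblocks(const uint8_t *buf, size_t len, size_t pos)
{
    while (pos < len) {
        uint8_t n = buf[pos++];
        if (n == 0)
            return pos;
        pos += n;
    }
    return SIZE_MAX;
}

static unsigned le16(const uint8_t *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Walk the block structure of a GIF held in memory. Returns GIF_OK when
 * every image descriptor fits inside the logical screen from the header,
 * the 1-based index of the first frame that does not, or a negative code
 * when the file is malformed. No pixel data is decoded. */
int gif_check_frames(const uint8_t *buf, size_t len)
{
    if (len < 13 || memcmp(buf, "GIF", 3) != 0)
        return GIF_BAD_HEADER;
    unsigned screen_w = le16(buf + 6);
    unsigned screen_h = le16(buf + 8);
    size_t pos = 13;
    if (buf[10] & 0x80)                      /* global colour table present */
        pos += (size_t)3 << ((buf[10] & 7) + 1);

    int frame = 0;
    while (pos < len) {
        uint8_t tag = buf[pos++];
        if (tag == 0x3B)                     /* trailer: end of stream */
            return GIF_OK;
        if (tag == 0x21) {                   /* extension: label + sub-blocks */
            if (pos + 1 > len)
                return GIF_TRUNCATED;
            pos = skip_subblocks(buf, len, pos + 1);
            if (pos == SIZE_MAX)
                return GIF_TRUNCATED;
            continue;
        }
        if (tag != 0x2C)                     /* image descriptor expected */
            return GIF_BAD_HEADER;
        if (pos + 9 > len)
            return GIF_TRUNCATED;
        unsigned left = le16(buf + pos), top = le16(buf + pos + 2);
        unsigned w = le16(buf + pos + 4), h = le16(buf + pos + 6);
        uint8_t flags = buf[pos + 8];
        pos += 9;
        frame++;
        /* The check a decoder must make before copying this frame into a
         * canvas sized from the header: the frame rectangle must fit. */
        if (left + w > screen_w || top + h > screen_h)
            return frame;
        if (flags & 0x80)                    /* local colour table present */
            pos += (size_t)3 << ((flags & 7) + 1);
        if (pos + 1 > len)                   /* LZW minimum code size byte */
            return GIF_TRUNCATED;
        pos = skip_subblocks(buf, len, pos + 1);
        if (pos == SIZE_MAX)
            return GIF_TRUNCATED;
    }
    return GIF_TRUNCATED;                    /* no trailer seen */
}

/* Constructed two-frame GIF structures (no meaningful pixel data): a 4x4
 * logical screen; frame 1 is 2x2, frame 2 is 4x4 (fits) or 8x4 (does not). */
#define GIF_HEAD   'G','I','F','8','9','a', 0x04,0x00, 0x04,0x00, 0x00,0x00,0x00
#define GIF_FRAME1 0x2C, 0,0, 0,0, 2,0, 2,0, 0x00, 0x02, 0x01,0x44, 0x00
#define GIF_GCE    0x21,0xF9, 0x04, 0,0,0,0, 0x00
const uint8_t GOOD_GIF[] = { GIF_HEAD, GIF_FRAME1, GIF_GCE,
    0x2C, 0,0, 0,0, 4,0, 4,0, 0x00, 0x02, 0x01,0x44, 0x00, 0x3B };
const uint8_t BAD_GIF[]  = { GIF_HEAD, GIF_FRAME1, GIF_GCE,
    0x2C, 0,0, 0,0, 8,0, 4,0, 0x00, 0x02, 0x01,0x44, 0x00, 0x3B };

int main(void)
{
    printf("good: %d\n", gif_check_frames(GOOD_GIF, sizeof GOOD_GIF));   /* 0 */
    printf("bad:  %d\n", gif_check_frames(BAD_GIF, sizeof BAD_GIF));     /* 2 */
    printf("cut:  %d\n", gif_check_frames(GOOD_GIF, 30));                /* -1 */
    return 0;
}
```

The check is deliberately made against the logical screen rather than against the first frame: a decoder that allocates its canvas from the header and refuses (or clips) any frame extending past it is safe regardless of the order in which frames of different sizes appear. The truncation checks matter as much as the bounds check, since a validator that reads past the end of its own buffer would introduce the same class of defect it is meant to detect.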

Solution

Mandriva software update (MDKSA-2007:200)
  Corporate Server 3.0
    X86
      corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm
      corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm
  Mandriva Linux 2007
    X86
      2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
      2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
      2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm
      2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
    X86_64
      2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
      2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
      2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm
      2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
  Corporate Server 4.0
    X86
      corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm
      corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
    X86_64
      corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm
      corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
  Mandriva Linux 2007.1
    X86
      2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
      2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
      2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm
      2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
    X86_64
      2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
      2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
      2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm
      2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
  Mandriva Linux 2008.0
    X86
      2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
      2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
      2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm
      2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm
    X86_64
      2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
      2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
      2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm
      2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

Debian (DSA 1415-1)
  Source
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1.diff.gz
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1.dsc
  Architecture independent
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge1_all.deb
  alpha
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_alpha.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_alpha.deb
  amd64
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_amd64.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_amd64.deb
  arm
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_arm.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_arm.deb
  hppa
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_hppa.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_hppa.deb
  i386
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_i386.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_i386.deb
  ia64
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_ia64.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_ia64.deb
  m68k
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_m68k.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_m68k.deb
  mips
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_mips.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_mips.deb
  mipsel
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_mipsel.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_mipsel.deb
  powerpc
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_powerpc.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_powerpc.deb
  s390
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_s390.deb
    http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_s390.deb
  Debian Linux
    Source
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1.diff.gz
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1.dsc
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
    Architecture independent
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch1_all.deb
    alpha
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_alpha.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_alpha.deb
    amd64
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_amd64.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_amd64.deb
    arm
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_arm.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_arm.deb
    hppa
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_hppa.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_hppa.deb
    i386
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_i386.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_i386.deb
    ia64
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_ia64.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_ia64.deb
    mips
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_mips.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_mips.deb
    mipsel
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_mipsel.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_mipsel.deb
    powerpc
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_powerpc.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_powerpc.deb
    s390
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_s390.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_s390.deb
    sparc
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_sparc.deb
      http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_sparc.deb

Debian (DSA 1416-1)
  Debian Linux
    Source
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.dsc
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.diff.gz
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
    Architecture independent
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch1_all.deb
    alpha
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_alpha.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_alpha.deb
    amd64
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_amd64.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_amd64.deb
    arm
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_arm.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_arm.deb
    hppa
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_hppa.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_hppa.deb
    i386
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_i386.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_i386.deb
    ia64
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_ia64.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_ia64.deb
    mips
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mips.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mips.deb
    mipsel
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mipsel.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mipsel.deb
    powerpc
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_powerpc.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_powerpc.deb
    s390
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_s390.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_s390.deb
    sparc
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_sparc.deb
      http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_sparc.deb

Red Hat (RHSA-2008:0134-3)
  Red Hat Desktop (v. 3)
  Red Hat Enterprise Linux AS (v. 2.1)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux ES (v. 2.1)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux WS (v. 2.1)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  https://rhn.redhat.com/

Red Hat (RHSA-2008:0135-2)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)
  https://rhn.redhat.com/

Sun (237465)
  Solaris 9 / SPARC / patch 137910-01
  Solaris 10 / SPARC / patch 137871-01
  Solaris 9 / x86 / patch 137911-01
  Solaris 10 / x86 / patch 137872-01
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Debian (DSA-1743-1)
  Debian Linux 4.0
    Source
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.diff.gz
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.dsc
    alpha (DEC Alpha)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_alpha.deb
    amd64 (AMD x86_64 (AMD64))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_amd64.deb
    arm (ARM)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_arm.deb
    i386 (Intel ia32)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_i386.deb
    ia64 (Intel ia64)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_ia64.deb
    mips (MIPS (Big Endian))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mips.deb
    mipsel (MIPS (Little Endian))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mipsel.deb
    powerpc (PowerPC)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_powerpc.deb
    s390 (IBM S/390)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_s390.deb
    sparc (Sun SPARC/UltraSPARC)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_sparc.deb

Debian (DSA-1743-1)
  Debian Linux 4.0
    Source
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.diff.gz
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release.orig.tar.gz
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.dsc
    Architecture independent
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-doc_1.3-release-7+lenny1_all.deb
    alpha (DEC Alpha)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_alpha.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_alpha.deb
    amd64 (AMD x86_64 (AMD64))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_amd64.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_amd64.deb
    arm (ARM)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_arm.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_arm.deb
    i386 (Intel ia32)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_i386.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_i386.deb
    ia64 (Intel ia64)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_ia64.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_ia64.deb
    mips (MIPS (Big Endian))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mips.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mips.deb
    mipsel (MIPS (Little Endian))
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mipsel.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mipsel.deb
    powerpc (PowerPC)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_powerpc.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_powerpc.deb
    s390 (IBM S/390)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_s390.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_s390.deb
    sparc (Sun SPARC/UltraSPARC)
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_sparc.deb
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_sparc.deb

Standard identifiers

Property | Value
CVE | CVE-2007-5378
BID | 26056
Additional resources

Mandriva Security Advisory (MDKSA-2007:200)
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
Debian Security Advisory (DSA 1415-1)
  http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00195.html
Debian Security Advisory (DSA 1416-1)
  http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00196.html
Red Hat Security Advisory (RHSA-2008:0134-3)
  http://rhn.redhat.com/errata/RHSA-2008-0134.html
Red Hat Security Advisory (RHSA-2008:0135-2)
  http://rhn.redhat.com/errata/RHSA-2008-0135.html
Sun Alert Notification (237465)
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-237465-1
Debian Security Advisory (DSA-1743-1)
  http://lists.debian.org/debian-security-announce/2009/msg00053.html
Version history

Version | Comment | Date
1.0 | Advisory issued | 2007-10-22
1.1 | Advisory issued by Debian (DSA 1415-1); advisory issued by Debian (DSA 1416-1) | 2007-11-28
1.2 | Advisory issued by Red Hat (RHSA-2008:0134-3); advisory issued by Red Hat (RHSA-2008:0135-2) | 2008-02-25
1.3 | Advisory issued by Sun (237465) | 2008-05-14
1.4 | Advisory issued by Debian (DSA-1743-1) | 2009-03-20