

Buffer overflow in xloadimage and xli

Vulnerability classification

Property Value
Confidence level Official
Impact Obtain access
Difficulty Expert
Required attacker level Remote access without an account to an exotic service

System information

Property Value
Affected manufacturer GNU/Linux
Affected software xloadimage <= 4.1
xli

Description

Several buffer overflow vulnerabilities have been discovered in xloadimage 4.1 and earlier and in xli. The vulnerabilities lie in the "zoom", "reduce" and "rotate" operations, which do not validate certain parameters.

A remote attacker could execute arbitrary code by means of a NIFF file with a specially crafted name.
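The defect class described above, as an added illustration that is not xloadimage's or xli's own code: an image name taken from a NIFF header is combined with the operation name into a fixed-size title buffer. The unsafe shape is left as a comment; the bounded builder and the name validator (names `build_op_title`, `niff_name_ok` and the buffer size are assumptions for this example) refuse input that would not fit instead of overflowing.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed fixed-size destination buffer for the derived title. */
#define TITLE_MAX 64

/* Unsafe shape of the bug class (comment only, not to be used):
 *   char title[TITLE_MAX];
 *   sprintf(title, "%s (%s)", image_name, op);  // no bound on image_name
 * A NIFF name longer than the buffer overruns the stack here. */

/* Bounded replacement: returns 0 on success, -1 if the result would
 * not fit (or on NULL input). On failure the buffer is left empty. */
int build_op_title(const char *image_name, const char *op,
                   char *out, size_t out_len)
{
    if (image_name == NULL || op == NULL || out == NULL || out_len == 0)
        return -1;
    int n = snprintf(out, out_len, "%s (%s)", image_name, op);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';   /* would truncate: refuse rather than clip silently */
        return -1;
    }
    return 0;
}

/* Validate the raw name field before it reaches any formatting code:
 * at most max_len bytes and printable ASCII only. Returns 1 if acceptable. */
int niff_name_ok(const char *name, size_t max_len)
{
    if (name == NULL)
        return 0;
    size_t len = 0;
    while (name[len] != '\0') {
        unsigned char c = (unsigned char)name[len];
        if (c < 0x20 || c > 0x7e)
            return 0;
        if (++len > max_len)   /* too long for the longest derived title */
            return 0;
    }
    return 1;
}
```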

Solution

Software update

Debian (xloadimage)

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.dsc
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.diff.gz
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_alpha.deb
ARM
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_sparc.deb

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.dsc
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.diff.gz
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_amd64.deb
ARM
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_sparc.deb

Debian (xli)

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.dsc
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.diff.gz
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_alpha.deb
ARM
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_sparc.deb

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.dsc
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.diff.gz
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_amd64.deb
ARM
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_sparc.deb

Red Hat (xloadimage)

Red Hat Desktop (v. 3) / SRPMS
xloadimage-4.1-36.RHEL3.src.rpm

Red Hat Desktop (v. 3) / IA-32
xloadimage-4.1-36.RHEL3.i386.rpm

Red Hat Desktop (v. 3) / x86_64
xloadimage-4.1-36.RHEL3.x86_64.rpm

Red Hat Desktop (v. 4) / SRPMS
xloadimage-4.1-36.RHEL4.src.rpm

Red Hat Desktop (v. 4) / IA-32
xloadimage-4.1-36.RHEL4.i386.rpm

Red Hat Desktop (v. 4) / x86_64
xloadimage-4.1-36.RHEL4.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS
xloadimage-4.1-36.RHEL2.1.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32
xloadimage-4.1-36.RHEL2.1.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64
xloadimage-4.1-36.RHEL2.1.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / SRPMS
xloadimage-4.1-36.RHEL3.src.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-32
xloadimage-4.1-36.RHEL3.i386.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-64
xloadimage-4.1-36.RHEL3.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / PPC
xloadimage-4.1-36.RHEL3.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) / s390
xloadimage-4.1-36.RHEL3.s390.rpm

Red Hat Enterprise Linux AS (v. 3) / s390x
xloadimage-4.1-36.RHEL3.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) / x86_64
xloadimage-4.1-36.RHEL3.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
xloadimage-4.1-36.RHEL4.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
xloadimage-4.1-36.RHEL4.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
xloadimage-4.1-36.RHEL4.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
xloadimage-4.1-36.RHEL4.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
xloadimage-4.1-36.RHEL4.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
xloadimage-4.1-36.RHEL4.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
xloadimage-4.1-36.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS
xloadimage-4.1-36.RHEL2.1.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32
xloadimage-4.1-36.RHEL2.1.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / SRPMS
xloadimage-4.1-36.RHEL3.src.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-32
xloadimage-4.1-36.RHEL3.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-64
xloadimage-4.1-36.RHEL3.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) / x86_64
xloadimage-4.1-36.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
xloadimage-4.1-36.RHEL4.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
xloadimage-4.1-36.RHEL4.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
xloadimage-4.1-36.RHEL4.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
xloadimage-4.1-36.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS
xloadimage-4.1-36.RHEL2.1.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32
xloadimage-4.1-36.RHEL2.1.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / SRPMS
xloadimage-4.1-36.RHEL3.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-32
xloadimage-4.1-36.RHEL3.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64
xloadimage-4.1-36.RHEL3.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) / x86_64
xloadimage-4.1-36.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
xloadimage-4.1-36.RHEL4.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
xloadimage-4.1-36.RHEL4.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
xloadimage-4.1-36.RHEL4.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
xloadimage-4.1-36.RHEL4.x86_64.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS
xloadimage-4.1-36.RHEL2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64
xloadimage-4.1-36.RHEL2.1.ia64.rpm

Mandriva (xli)

Corporate Server 2.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/xli-1.17.0-4.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/xli-1.17.0-4.2.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/xli-1.17.0-4.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.2.C21mdk.src.rpm

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xli-1.17.0-8.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/xli-1.17.0-8.3.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xli-1.17.0-8.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.3.C30mdk.src.rpm

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xli-1.17.0-8.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/xli-1.17.0-8.2.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xli-1.17.0-8.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/xli-1.17.0-8.2.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xli-1.17.0-8.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xli-1.17.0-8.2.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xli-1.17.0-8.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xli-1.17.0-8.2.20060mdk.src.rpm

Suse Linux
Updates can be downloaded via YaST or from the official Suse Linux FTP server.

SGI
Advanced Linux Environment 3 / RPM / Patch 10235
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10235
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SCO
UnixWare 7.1.3
UnixWare 7.1.4
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56/p533253.image
OpenServer 5.0.6
OpenServer 5.0.7
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62/p533253.507_vol.tar
OpenServer 6.0.0
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62/p533253.600_vol.tar

Standard resources

Property Value
CVE CAN-2005-3178
BID

Other resources

Debian Security Advisory (DSA 858-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00252.html

Debian Security Advisory (DSA 859-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00253.html

Red Hat Security Advisory (RHSA-2005:802-4)
https://rhn.redhat.com/errata/RHSA-2005-802.html

Mandriva Security Advisory (MDKSA-2005:192)
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:192

SUSE Security Advisory (SUSE-SR:2005:024)
http://www.novell.com/linux/security/advisories/2005_24_sr.html

SGI Security Advisory (20051003-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20051003-01-U.asc

SCO Security Advisory SCOSA-2005.56
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56/SCOSA-2005.56.txt

SCO Security Advisory SCOSA-2005.62
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62/SCOSA-2005.62.txt

Version history

Version Comments Date
1.0 Advisory issued 2005-10-18
1.1 Advisory issued by Red Hat (RHSA-2005:802-4). Advisory issued by Mandriva (MDKSA-2005:192). Advisory issued by Suse (SUSE-SR:2005:024) 2005-10-25
1.2 Advisory issued by SGI (20051003-01-U) 2005-10-26
1.3 Advisory issued by SCO (SCOSA-2005.56) 2005-12-19
1.4 Advisory issued by SCO (SCOSA-2005.62) 2005-12-22
Ministerio de Defensa
CNI
CCN
CCN-CERT