Info

Disclosure

Dec 21, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in LibTIFF. The tdir_count variable is not validated before being passed to CheckMalloc() resulting in a heap overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sam Leffler	libtiff	3.5.7
		3.7.0

References

Bugtraq ID: 12075 13480
Related OSVDB ID: 12556
CERT VU: 125598
Secunia Advisory ID: 13607 13629 13666 13744 13746 13776 13850 13939 14893 15227 17645
ISS X-Force ID: 18637
CVE ID: 2004-1308 (see also: NVD)
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000920
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1
http://tech.f5.com/home/ism/releasenotes/relnotes1_3_7.html#new_fix
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19/SCOSA-2005.19.txt http://docs.info.apple.com/article.html?artnum=301528
http://www.debian.org/security/2004/dsa-617
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:001
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:002
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0294.html
Vendor URL: http://www.remotesensing.org/libtiff/
CIAC Advisory: p-082
RedHat RHSA: RHSA-2005:019
Keyword: SCOSA-2005.49

Credit

infamous41md - infamous41mdhotpop.com -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sam Leffler

libtiff

References

Credit