Info

Disclosure

Dec 21, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in LibTIFF. The TIFFFetchStripThing() function fails to validate the nstrips variable resulting in a buffer overflow. With a specially crafted file, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.7.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sam Leffler

libtiff

3.6.1

References

Security Tracker: 1012651
Related OSVDB ID: 12555
Bugtraq ID: 13480
Secunia Advisory ID: 13607 13629 13666 13744 13746 13776 13850 13939 14893 15227
CVE ID: 2004-1307 (see also: NVD)
Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19/SCOSA-2005.19.txt http://www.debian.org/security/2004/dsa-617
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:001
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:002
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0295.html
Vendor Specific Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000920
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
Vendor URL: http://www.remotesensing.org/libtiff/
RedHat RHSA: RHSA-2005:019

Credit

infamous41md - infamous41mdhotpop.com -

Direct URL: http://osvdb.org/36218