LibTIFF Heap Corruption整数溢出漏洞

漏洞信息详情

LibTIFF Heap Corruption整数溢出漏洞

• CNNVD编号：CNNVD-200412-081
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1307
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-12-21
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2009-02-05
  
• 厂        商：
  
  sun
• 漏洞来源：
  Discovery credited…

libtiff 3.6.1版本中tif_dirread.c的TIFFFetchStripThing函数存在整数溢出漏洞。远程攻击者借助一个带有STRIPOFFSETS标志和大量strips的TIFF文件执行任意代码，引发分配零字节缓冲区，并导致基于堆的缓冲区溢出。

Fixes are available. Please see the references for details.
Sun Solaris 8

• Sun 109931-10
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -109931-10-1

Sun Solaris 10

• Sun 119900-01
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -119900-01-1

Sun Solaris 10.0_x86

• Sun 119901-01
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -119901-01-1

Sun Solaris 7.0

• Sun 118953-02
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -118953-02-1

Sun Solaris 9

• Sun 114219-11
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -114219-11-1

Sun Solaris 9_x86 Update 2

• Sun 114220-11
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -114220-11-1

Sun Solaris 9_x86

• Sun 114220-11
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -114220-11-1

Sun Solaris 7.0_x86

• Sun 118954-02
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -118954-02-1

Sun Solaris 8_x86

• Sun 109932-10
  
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
  -109932-10-1

Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2005-005Pan.dmg
  
  http://www.apple.com/support/downloads/securityupdate2005005server.htm
  l

Apple Mac OS X 10.3.9

• Apple SecUpd2005-005Pan.dmg
  
  http://www.apple.com/support/downloads/securityupdate2005005client.htm
  l

SGI ProPack 3.0

• SGI patch10137.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101
  37.tar.gz

LibTIFF LibTIFF 3.4

• libtiff tiff-3.7.1.tar.gz
  ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz

LibTIFF LibTIFF 3.5.1

• libtiff tiff-3.7.1.tar.gz
  ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz

LibTIFF LibTIFF 3.5.2

• libtiff tiff-3.7.1.tar.gz
  ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz

LibTIFF LibTIFF 3.5.3

• libtiff tiff-3.7.1.tar.gz
  ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz

LibTIFF LibTIFF 3.5.4

• libtiff tiff-3.7.1.tar.gz
  ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz

LibTIFF LibTIFF 3.5.5

• Debian libtiff-tools_3.5.5-6.woody3_alpha.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_alpha.deb
• Debian libtiff-tools_3.5.5-6.woody3_arm.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_arm.deb
• Debian libtiff-tools_3.5.5-6.woody3_hppa.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_hppa.deb
• Debian libtiff-tools_3.5.5-6.woody3_i386.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_i386.deb
• Debian libtiff-tools_3.5.5-6.woody3_ia64.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_ia64.deb
• Debian libtiff-tools_3.5.5-6.woody3_m68k.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_m68k.deb
• Debian libtiff-tools_3.5.5-6.woody3_mips.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_mips.deb
• Debian libtiff-tools_3.5.5-6.woody3_mipsel.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_mipsel.deb
• Debian libtiff-tools_3.5.5-6.woody3_powerpc.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_powerpc.deb
• Debian libtiff-tools_3.5.5-6.woody3_s390.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_s390.deb
• Debian libtiff-tools_3.5.5-6.woody3_sparc.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.
  5-6.woody3_sparc.deb
• Debian libtiff3g-dev_3.5.5-6.woody3_alpha.debDebian GNU/Linux 3.0

来源:US-CERT Vulnerability Note: VU#539110
名称: VU#539110
链接:http://www.kb.cert.org/vuls/id/539110

来源:US-CERT Technical Alert: TA05-136A
名称: TA05-136A
链接:http://www.us-cert.gov/cas/techalerts/TA05-136A.html

来源: IDEFENSE
名称: 20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability
链接:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true

来源: APPLE
名称: APPLE-SA-2005-05-03
链接:http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

来源: SUNALERT
名称: 201072
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1

来源: OVAL
名称: oval:org.mitre.oval:def:11175
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11175

来源: SUNALERT
名称: 101677
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1