
UnixWare 7.1.4 : libtiff Multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : libtiff Multiple vulnerabilities
Advisory number:        SCOSA-2005.19
Issue date:             2005 April 07
Cross reference:        sr892971 fz531015 erg712790 CAN-2004-0803 CAN-2004-0804
                        CAN-2004-0886 CAN-2004-0929 CAN-2004-1183 CAN-2004-1308
______________________________________________________________________________


1. Problem Description

        Updated libtiff fixes several vulnerabilities:

        Multiple vulnerabilities in the RLE (run length encoding)
        decoders for libtiff 3.6.1 and earlier, related to buffer
        overflows and integer overflows, allow remote attackers to
        execute arbitrary code via TIFF files. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0803 to this issue.

        Vulnerability in tif_dirread.c for libtiff allows remote
        attackers to cause a denial of service (application crash)
        via a TIFF image that causes a divide-by-zero error when
        the number of row bytes is zero.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0804 to this issue. 

        Multiple integer overflows in libtiff 3.6.1 and earlier allow 
        remote attackers to cause a denial of service (crash or memory 
        corruption) via TIFF images that lead to incorrect malloc calls.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0886 to this issue.
 
        Heap-based buffer overflow in the OJPEGVSetField function
        in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled
        with the OJPEG_SUPPORT (old JPEG support) option, allows
        remote attackers to execute arbitrary code via a malformed
        TIFF image.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0929 to this issue.

        Integer overflow in the tiffdump utility for libtiff 3.7.1 and 
        earlier allows remote attackers to cause a denial of service 
        (application crash) and possibly execute arbitrary code via a 
        crafted TIFF file.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-1183 to this issue.

        Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c
        for libtiff 3.5.7 and 3.7.0 allows remote attackers to
        execute arbitrary code via a TIFF file containing a TIFF_ASCII
        or TIFF_UNDEFINED directory entry with a -1 entry count,
        which leads to a heap-based buffer overflow.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) has
        assigned the name CAN-2004-1308 to this issue.
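
        The bug classes described above (a size computed from a file-supplied
        entry count, and a division by a zero row-byte count), shown as an
        added C illustration that is not part of the SCO advisory and is not
        libtiff source code. The struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a directory entry; not libtiff's own struct. */
struct dir_entry {
    uint32_t count;      /* number of values, read from the file */
    uint32_t elem_size;  /* bytes per value (1 for an ASCII entry) */
};

/* Unchecked pattern: in 32-bit arithmetic a count of 0xFFFFFFFF (-1) makes
 * count * elem_size + 1 wrap to 0, so the buffer is smaller than the data. */
static uint32_t unchecked_alloc_size(const struct dir_entry *e)
{
    return e->count * e->elem_size + 1u;
}

/* Checked pattern: 0 and the size on success, -1 if the entry is rejected.
 * The data must also fit in the bytes remaining in the file. */
static int checked_alloc_size(const struct dir_entry *e, uint64_t bytes_left,
                              size_t *out)
{
    uint64_t need = (uint64_t)e->count * e->elem_size; /* fits in 64 bits */
    if (e->elem_size == 0 || need > bytes_left || need >= SIZE_MAX)
        return -1;
    *out = (size_t)need + 1;                            /* trailing NUL */
    return 0;
}

/* Rows per strip; rejects the zero row-byte count that would divide by zero. */
static int rows_in_strip(uint32_t strip_bytes, uint32_t row_bytes, uint32_t *rows)
{
    if (row_bytes == 0)
        return -1;
    *rows = strip_bytes / row_bytes;
    return 0;
}

int main(void)
{
    struct dir_entry bad = { 0xFFFFFFFFu, 1 };  /* constructed sample entry */
    size_t n = 0;
    uint32_t rows = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(&bad));
    printf("checked result: %d\n", checked_alloc_size(&bad, 4096, &n));
    printf("zero row bytes: %d\n", rows_in_strip(8192, 0, &rows));
    return 0;
}
```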


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  libtiff distribution

3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19

        4.2 Verification

        MD5 (tiff.image) = c9f976565559059f1ae413886a43c063

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download tiff.image to the /var/spool/pkg directory

        # pkgadd -d /var/spool/pkg/tiff.image


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0929 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892971 fz531015
        erg712790.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank iDEFENSE and infamous41md[at]hotpop.com

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVZtCaqoBO7ipriERAq0NAKCJyEGo562Bx4SGIYb7DQnXycvavACfXj9H
MFkNw5rfq8K3bHt9nip2nQ0=
=cjWx
-----END PGP SIGNATURE-----