UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec
Advisory number: SCOSA-2005.34
Issue date: 2005 September 20
Cross reference: sr894564 fz532775 erg712889 CAN-2005-1544
______________________________________________________________________________
1. Problem Description
Tavis Ormandy has reported a vulnerability in libTIFF, which
potentially can be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused due to a boundary error and can
be exploited to cause a buffer overflow via a specially crafted
TIFF image containing a malformed BitsPerSample tag.
Successful exploitation may allow execution of arbitrary code,
if a malicious TIFF image is opened in an application linked
against the vulnerable library.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name CAN-2005-1544 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 Libtiff distribution
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34
4.2 Verification
MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download tiff.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/tiff.pkg
5. References
Specific references for this advisory:
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
http://xforce.iss.net/xforce/xfdb/20533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
http://secunia.com/advisories/15320
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr894564 fz532775
erg712889.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
The SCO Group would like to thank Travis Ormandy
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)
iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw
Gkiduk0ql3ar5iLEWYtpse0=
=w5vg
-----END PGP SIGNATURE-----