[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SCOSA-2006.3 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : LibTIFF BitsPerSample Tag Buffer Overflow Vulnerability

To: security-announce@xxxxxxxxxxxx
Subject: [Full-disclosure] SCOSA-2006.3 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : LibTIFF BitsPerSample Tag Buffer Overflow Vulnerability
From: security@xxxxxxx
Date: Tue, 3 Jan 2006 16:43:37 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : 
LibTIFF BitsPerSample Tag Buffer Overflow Vulnerability
Advisory number:        SCOSA-2006.3
Issue date:             2006 January 03
Cross reference:        sr894565 fz532776 erg712890
                        sr894563 fz532777 erg712888
                        CVE-2005-1544
______________________________________________________________________________


1. Problem Description

        Tavis Ormandy has reported a vulnerability in libTIFF, which
        potentially can be exploited by malicious people to compromise a
        vulnerable system.

        The vulnerability is caused due to a boundary error and can be
        exploited to cause a buffer overflow via a specially crafted
        TIFF image containing a malformed BitsPerSample tag.

        Successful exploitation may allow execution of arbitrary code,
        if a malicious TIFF image is opened in an application linked
        against the vulnerable library.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-1544 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.6                /usr/lib/libtiff.so.3
        OpenServer 5.0.7                /usr/lib/libtiff.so.3
        OpenServer 6.0.0                /usr/lib/libtiff.so.3
                                        /osr5/usr/lib/libtiff.so.3


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.6

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/


    4.2 Verification

        MD5 (gwxlibs210Ba_vol.tar) = 18213632bd0c5ff1e260eac90aae7033

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    4.3 Installing Fixed Binaries

        Please see the following:

        
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs-2.1.0Ba.txt


5. OpenServer 5.0.7

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


    5.2 Verification

        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    5.3 Installing Fixed Binaries

        See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
        and Installation Notes:

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


6. OpenServer 6.0.0

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3


    6.2 Verification

        MD5 (VOL.000.000) = b38ae14a80e730498581e6a4ce64aa11

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory.

        2) Run the custom command, specify an install from media images,
           and specify the directory as the location of the images.


7. References

        Specific references for this advisory:
                http://bugzilla.remotesensing.org/show_bug.cgi
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544
                http://secunia.com/advisories/15320
                http://xforce.iss.net/xforce/xfdb/20533

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr894565 fz532776
        erg712890 sr894563 fz532777 erg712888.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

        The SCO Group would like to thank Travis Ormandy.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDuu8PaqoBO7ipriERAnokAJ0b8V8ydCVmO4nizzrPh7ltJQdwxwCfXAc5
jksfEo2hTVuUEczh19s+5+U=
=9qSn
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] SCOSA-2006.2 OpenServer 5.0.7 OpenServer 6.0.0 : cpio Multiple Vulnerabilities
Next by Date: [Full-disclosure] Undeletable user account.
Previous by thread: [Full-disclosure] SCOSA-2006.2 OpenServer 5.0.7 OpenServer 6.0.0 : cpio Multiple Vulnerabilities
Next by thread: [Full-disclosure] Undeletable user account.
Index(es):
- Date
- Thread