Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
[DSA1137] DSA-1137-1 tiff
DSA-1137-1 tiff: Detailed Explanation for this Vulnerability Assessment

Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues:

- Several stack-buffer overflows have been discovered.
- A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more data than expected.
- A heap overflow vulnerability in the PixarLog decoder may permit an attacker to execute arbitrary code.
- A heap overflow vulnerability has been discovered in the NeXT RLE decoder.
- A loop was discovered where a 16-bit unsigned short was used to iterate over a 32-bit unsigned value, so that the loop would never terminate.
- Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations designed to ensure the offsets specified in TIFF directories are legitimate.
- A flaw was also uncovered in libtiff's custom tag support which may result in abnormal behaviour, crashes, or potentially arbitrary code execution.

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-7.
For the unstable distribution (sid) these problems have been fixed in version 3.8.2-6.

We recommend that you upgrade your libtiff packages.

Solution : http://www.debian.org/security/2006/dsa-1137
Network Security Threat Level: High
Networks Security ID:
Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi
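Two of the bug classes listed above, the 16-bit counter iterating to a 32-bit bound and the unchecked arithmetic in offset range checks, shown as an added C illustration. It is not libtiff code and not part of the original advisory; all function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers written for illustration; not taken from libtiff. */

/* Unchecked form: offset + length is computed in 32 bits and can wrap,
 * so an offset near UINT32_MAX passes the test. */
int range_ok_unchecked(uint32_t offset, uint32_t length, uint32_t file_size)
{
    return offset + length <= file_size;
}

/* Checked form: no addition that can wrap; subtract only after
 * confirming offset <= file_size. */
int range_ok_checked(uint32_t offset, uint32_t length, uint32_t file_size)
{
    return offset <= file_size && length <= file_size - offset;
}

/* 16-bit counter against a 32-bit bound: i wraps from 65535 to 0 and never
 * reaches n when n > 65535. max_steps caps the demonstration.
 * Returns 1 if the loop finished on its own, 0 if the cap was hit. */
int loop_terminates_u16(uint32_t n, uint32_t max_steps)
{
    uint32_t steps = 0;
    for (uint16_t i = 0; i < n; i++)
        if (++steps > max_steps)
            return 0;
    return 1;
}

/* Same loop with a counter as wide as the bound. */
int loop_terminates_u32(uint32_t n, uint32_t max_steps)
{
    uint32_t steps = 0;
    for (uint32_t i = 0; i < n; i++)
        if (++steps > max_steps)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed values: a 4096-byte file and a directory entry whose offset wraps. */
    printf("unchecked: %d\n", range_ok_unchecked(0xFFFFFFF0u, 0x20u, 4096u));
    printf("checked:   %d\n", range_ok_checked(0xFFFFFFF0u, 0x20u, 4096u));
    printf("u16 loop:  %d\n", loop_terminates_u16(70000u, 200000u));
    printf("u32 loop:  %d\n", loop_terminates_u32(70000u, 200000u));
    return 0;
}
```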