|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2006:137: libtiff Vulnerability Assessment Details
|
MDKSA-2006:137: libtiff |
||
Check for the version of the libtiff package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2006:137 (libtiff). Tavis Ormandy, Google Security Team, discovered several vulnerabilites the libtiff image processing library: Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is used to read two unsigned shorts from the input file. While a bounds check is performed via CheckDirCount(), no action is taken on the result permiting a pathological tdir_count to read an arbitrary number of unsigned shorts onto a stack buffer. (CVE-2006-3459) A heap overflow vulnerability was discovered in the jpeg decoder, where TIFFScanLineSize() is documented to return the size in bytes that a subsequent call to TIFFReadScanline() would write, however the encoded jpeg stream may disagree with these results and overrun the buffer with more data than expected. (CVE-2006-3460) Another heap overflow exists in the PixarLog decoder where a run length encoded data stream may specify a stride that is not an exact multiple of the number of samples. The result is that on the final decode operation the destination buffer is overrun, potentially permiting a possible hacker to execute arbitrary code. (CVE-2006-3461) The NeXT RLE decoder was also vulnerable to a heap overflow vulnerability, where no bounds checking was performed on the result of certain RLE decoding operations. This was solved by ensuring the number of pixels written did not exceed the size of the scanline buffer already prepared. (CVE-2006-3462) An infinite loop was discovered in EstimateStripByteCounts(), where a 16bit unsigned short was used to iterate over a 32bit unsigned value, should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the loop would never terminate and continue forever. (CVE-2006-3463) Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations deisgned to ensure the offsets specified in tiff directories are legitimate. These can be caused to wrap for extreme values, bypassing sanity checks. Additionally, a number of codepaths were uncovered where assertions did not hold true, resulting in the client application calling abort(). (CVE-2006-3464) A flaw was also uncovered in libtiffs custom tag support, as documented here http://www.libtiff.org/v3.6.0.html. While well formed tiff files must have correctly ordered directories, libtiff attempts to support broken images that do not. However in certain circumstances, creating anonymous fields prior to merging field information from codec information can result in recognised fields with unexpected values. This state results in abnormal behaviour, crashes, or potentially arbitrary code execution. (CVE-2006-3465) The updated packages have been patched to correct these issues. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:137 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
Supermicro 4U 4x Nvidia GPU AI Server 3.8Ghz 8-Core 512GB 2x10G SFP+ 2x2200W
$3848.00
Supermicro 4U 4x Nvidia GPU AI Server 3.8Ghz 8-Core 256GB 2x10G SFP+ 2x2200W
$3472.00
Supermicro 4U 4x Nvidia GPU AI Server 3.8Ghz 8-Core 64GB 2x10G SFP+ 2x2200W
$3180.00
Supermicro 4U 4x Nvidia GPU AI Server 3.6Ghz 8-Core 768GB 2x10G SFP+ 2x2200W
$2292.00
Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ...
$689.99
Intel - Core i7-13700K 13th Gen 16 cores 8 P-cores + 8 E-cores 30M Cache, 3.4...
$489.99
AMD Ryzen 7 5700X 8-core 16-thread Desktop Processor
$155.00
HP EliteDesk 800 G3 Mini 35W 8GB Ram Intel Core i5 vPro 7th Gen. No SSD/No OS
$49.99
CyberPowerPC GXIVR8060A10 (500GB, Intel Core i5 10th Gen., 2.90GHz, 8GB) Gaming
$200.00
Dell Precision 3420 SFF Intel Core i5-6500 8GB RAM 256GB SSD WIN 11
$75.00
|
||
No Discussions have been posted on this vulnerability. |