CVE-2004-1183
CVSS 5.1
Published: 2005-01-06 00:00:00
Last revised: 2016-10-17 22:52:05

[Original] Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.


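[CNNVD] libtiff tiffdump integer overflow vulnerability (CNNVD-200501-011)

        LibTiff is a library for encoding and decoding the TIFF image format.
        tiffdump in libtiff 3.7.1 and earlier contains an integer overflow.
        A remote attacker can use a specially crafted TIFF file to cause a denial of service (application crash) and possibly execute arbitrary code.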

- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:libtiff:libtiff:3.4 LibTIFF 3.4
cpe:/a:libtiff:libtiff:3.5.3 LibTIFF 3.5.3
cpe:/a:libtiff:libtiff:3.7.1 LibTIFF 3.7.1
cpe:/a:libtiff:libtiff:3.5.2 LibTIFF 3.5.2
cpe:/a:libtiff:libtiff:3.6.1 LibTIFF 3.6.1
cpe:/a:libtiff:libtiff:3.7.0 LibTIFF 3.7.0
cpe:/a:libtiff:libtiff:3.5.1 LibTIFF 3.5.1
cpe:/a:libtiff:libtiff:3.6.0 LibTIFF 3.6.0
cpe:/a:libtiff:libtiff:3.5.7 LibTIFF 3.5.7
cpe:/a:libtiff:libtiff:3.5.6 LibTIFF 3.5.6
cpe:/a:libtiff:libtiff:3.5.5 LibTIFF 3.5.5
cpe:/a:libtiff:libtiff:3.5.4 LibTIFF 3.5.4

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9743 Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application cra...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1183
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1183
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-011
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920
(UNKNOWN)  CONECTIVA  CLA-2005:920
http://marc.info/?l=bugtraq&m=110503635113419&w=2
(UNKNOWN)  BUGTRAQ  20050106 [USN-54-1] TIFF library tool vulnerability
http://security.gentoo.org/glsa/glsa-200501-06.xml
(PATCH)  GENTOO  GLSA-200501-06
http://www.mandriva.com/security/advisories?name=MDKSA-2005:001
(UNKNOWN)  MANDRAKE  MDKSA-2005:001
http://www.mandriva.com/security/advisories?name=MDKSA-2005:002
(UNKNOWN)  MANDRAKE  MDKSA-2005:002
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
(UNKNOWN)  MANDRAKE  MDKSA-2005:052
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
(PATCH)  SUSE  SUSE-SA:2005:001
http://www.redhat.com/support/errata/RHSA-2005-019.html
(UNKNOWN)  REDHAT  RHSA-2005:019
http://www.redhat.com/support/errata/RHSA-2005-035.html
(UNKNOWN)  REDHAT  RHSA-2005:035
http://www.securityfocus.com/bid/12173
(UNKNOWN)  BID  12173
http://xforce.iss.net/xforce/xfdb/18782
(UNKNOWN)  XF  libtiff-tiffdump-bo(18782)

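- Vulnerability information

libtiff tiffdump integer overflow vulnerability
Medium  Buffer overflow
2005-01-06 00:00:00 2005-10-20 00:00:00
Remote
        LibTiff is a library for encoding and decoding the TIFF image format.
        tiffdump in libtiff 3.7.1 and earlier contains an integer overflow.
        A remote attacker can use a specially crafted TIFF file to cause a denial of service (application crash) and possibly execute arbitrary code.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at: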
        http://libtiff.maptools.org/

- Vulnerability information

12724
LibTIFF tiffdump Utility Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A remote overflow exists in LibTIFF. LibTIFF fails to properly check input to the tiffdump utility, resulting in an integer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of integrity.

- Timeline

2005-01-06 Unknown
Unknown Unknown

- Solution

Currently, there are no known official upgrades, patches, or workarounds available to correct this issue. Various Linux distributions are providing upgrades.

- Related references

- Vulnerability author

- Vulnerability information

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability
Boundary Condition Error 12173
Yes No
2005-01-05 12:00:00 2009-07-12 09:27:00
Dmitry V. Levin is credited with the discovery of this issue.

- Affected program versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0
SCO Unixware 7.1.4
Red Hat Fedora Core3
Red Hat Fedora Core2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
LibTIFF LibTIFF 3.7.1
LibTIFF LibTIFF 3.7
+ Slackware Linux 10.0
+ Slackware Linux -current
LibTIFF LibTIFF 3.6.1
+ Gentoo Linux 1.4
+ Gentoo Linux
+ OpenPKG OpenPKG Current
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
LibTIFF LibTIFF 3.6.0
LibTIFF LibTIFF 3.5.7
+ Red Hat Fedora Core2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
LibTIFF LibTIFF 3.5.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.4
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN

- Vulnerability discussion

It has been reported that 'tiffdump' is affected by a heap corruption vulnerability due to an integer overflow error that can be triggered when malicious or malformed image files are processed. Theoretically, an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application when TIFF image data is processed. Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

SCO has released an advisory (SCOSA-2005.19) and fixes to address this issue for UnixWare platforms. Please see the referenced advisory for further information.

RedHat has released two advisories called FEDORA-2005-597 and FEDORA-2005-598 to address this issue in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200501-06 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1"
Please see the referenced advisory for further information.

Debian GNU/Linux has released advisory DSA 626-1 to address this issue. Please see the referenced advisory for further information.

Ubuntu Linux has released advisory USN-54-1 to address this issue. Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:001 to address various issues in libtiff. Please see the referenced advisory for more information.

Mandrake has released an advisory MDKSA-2005:002 to address various issues in wxGTK2. Please see the referenced advisory for more information.

SUSE has released advisory SUSE-SA:2005:001 to address various issues in libtiff. Please see the referenced advisory for more information.

Red Hat has released an advisory (RHSA-2005:019-11) to address issues in libtiff. Please see the advisory in Web references for more information.

TurboLinux has released a security announcement and fixes to address this and other vulnerabilities. Please see the referenced announcement for further information regarding obtaining and applying appropriate updates.

Conectiva has released advisory CLA-2005:920 to address various issues in libtiff3. Please see the referenced advisory for more information.

SGI has released advisory 20050101-01-U (SGI Advanced Linux Environment 3 Security Update #23) to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages and patch 10137. Please see the referenced advisory for more information.

Avaya has released advisory ASA-2005-021 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:052 to address various issues affecting kdegraphics. Please see the referenced advisory for more information.


SGI ProPack 3.0

LibTIFF LibTIFF 3.5.5

LibTIFF LibTIFF 3.5.7

LibTIFF LibTIFF 3.6.1

SCO Unixware 7.1.4
