CVE-2004-1308
CVSS 10.0
Published: 2005-01-10 00:00:00
Revised: 2010-08-21 00:22:11

[Original text] Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.


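[CNNVD] LibTIFF Multiple Integer Overflow Vulnerabilities (CNNVD-200501-190)

        libTiff is an open-source library for processing TIFF files.
        tif_dirread.c and tif_fax3.c in libtiff 3.5.7 and 3.7.0 contain integer overflow vulnerabilities.
        A remote attacker can trigger a stack overflow and execute arbitrary code via a specially crafted TIFF file in which a TIFF_ASCII or TIFF_UNDEFINED directory entry is -1.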

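- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [Total information disclosure, exposing all system files]
Integrity impact: COMPLETE [System integrity can be completely compromised]
Availability impact: COMPLETE [May cause a complete system outage]
Attack complexity: LOW [No access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [Exploitation requires no authentication]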

- CPE (Affected Platforms and Products)

cpe:/a:libtiff:libtiff:3.5.5  LibTIFF 3.5.5
cpe:/a:libtiff:libtiff:3.7.0  LibTIFF 3.7.0
cpe:/a:libtiff:libtiff:3.5.3  LibTIFF 3.5.3
cpe:/a:libtiff:libtiff:3.5.2  LibTIFF 3.5.2
cpe:/a:libtiff:libtiff:3.4  LibTIFF 3.4
cpe:/a:libtiff:libtiff:3.6.1  LibTIFF 3.6.1
cpe:/a:libtiff:libtiff:3.6.0  LibTIFF 3.6.0
cpe:/a:libtiff:libtiff:3.5.7  LibTIFF 3.5.7
cpe:/a:libtiff:libtiff:3.5.4  LibTIFF 3.5.4
cpe:/a:libtiff:libtiff:3.5.1  LibTIFF 3.5.1

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9392  Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a...
oval:org.mitre.oval:def:100117  libtiff Directory Entry Count Integer Overflow Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1308
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1308
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-190
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/125598
(UNKNOWN)  CERT-VN  VU#125598
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
(UNKNOWN)  CERT  TA05-136A
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20041221 libtiff Directory Entry Count Integer Overflow Vulnerability
http://xforce.iss.net/xforce/xfdb/18637
(UNKNOWN)  XF  libtiff-tiff-tdircount-bo(18637)
http://www.redhat.com/support/errata/RHSA-2005-035.html
(UNKNOWN)  REDHAT  RHSA-2005:035
http://www.redhat.com/support/errata/RHSA-2005-019.html
(UNKNOWN)  REDHAT  RHSA-2005:019
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
(UNKNOWN)  SUSE  SUSE-SA:2005:001
http://www.debian.org/security/2004/dsa-617
(UNKNOWN)  DEBIAN  DSA-617
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
(UNKNOWN)  SUNALERT  201072
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2005-05-03
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
(UNKNOWN)  MANDRAKE  MDKSA-2005:052
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
(UNKNOWN)  SUNALERT  101677
http://secunia.com/advisories/13776
(UNKNOWN)  SECUNIA  13776
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920
(UNKNOWN)  CONECTIVA  CLA-2005:920

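- Vulnerability Information

LibTIFF Multiple Integer Overflow Vulnerabilities
Critical  Buffer overflow
2005-01-10 00:00:00 2009-02-05 00:00:00
Remote / Local
        libTiff is an open-source library for processing TIFF files.
        tif_dirread.c and tif_fax3.c in libtiff 3.5.7 and 3.7.0 contain integer overflow vulnerabilities.
        A remote attacker can trigger a stack overflow and execute arbitrary code via a specially crafted TIFF file in which a TIFF_ASCII or TIFF_UNDEFINED directory entry is -1.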

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.libtiff.org/

- Vulnerability Information

12555
LibTIFF Directory Entry Count Remote Overflow
Local Access Required, Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

A local overflow exists in LibTIFF. The tdir_count variable is not validated before being passed to CheckMalloc() resulting in a heap overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2004-12-21 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

LibTIFF Heap Corruption Integer Overflow Vulnerabilities
Input Validation Error 12075
Yes Yes
2004-12-21 12:00:00 2009-07-12 09:26:00
Discovery credited to infamous41md[at]hotpop.com.

- Affected Program Versions

Sun Solaris 9_x86 Update 2
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10
SGI ProPack 3.0
SCO Unixware 7.1.4
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
LibTIFF LibTIFF 3.7
+ Slackware Linux 10.0
+ Slackware Linux -current
LibTIFF LibTIFF 3.6.1
+ Gentoo Linux 1.4
+ Gentoo Linux
+ OpenPKG OpenPKG Current
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
LibTIFF LibTIFF 3.6.0
LibTIFF LibTIFF 3.5.7
+ Red Hat Fedora Core2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
LibTIFF LibTIFF 3.5.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.4
Gentoo Linux
F5 iControl Service Manager 1.3.6
F5 iControl Service Manager 1.3.5
F5 iControl Service Manager 1.3.4
F5 iControl Service Manager 1.3
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Interactive Response 1.3
Avaya Interactive Response 1.2.1
Avaya Interactive Response
Avaya Integrated Management
Avaya CVLAN
Avaya CMS Server 13.0
Avaya CMS Server 12.0
Avaya CMS Server 11.0
Avaya CMS Server 9.0
Avaya CMS Server 8.0
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3

- Unaffected Program Versions

LibTIFF LibTIFF 3.7.1
LibTIFF LibTIFF 3.7
+ Slackware Linux 10.0
+ Slackware Linux -current
F5 iControl Service Manager 1.3.7

- Vulnerability Discussion

LibTIFF is affected by two heap-corruption vulnerabilities caused by integer-overflow errors that can be triggered when handling malicious or malformed image files. An attacker could exploit the vulnerabilities to execute arbitrary code when TIFF image data is processed (i.e. displayed). The code would run in the context of an application linked to the library. Since image data is often external in origin, these vulnerabilities are remotely exploitable.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes are available. Please see the references for details.


Sun Solaris 8_sparc
Sun Solaris 10
Sun Solaris 10.0_x86
Sun Solaris 7.0
Sun Solaris 9
Sun Solaris 9_x86 Update 2
Sun Solaris 9_x86
Sun Solaris 7.0_x86
Sun Solaris 8_x86
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9
SGI ProPack 3.0
LibTIFF LibTIFF 3.4
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.5
LibTIFF LibTIFF 3.5.7
LibTIFF LibTIFF 3.6.0
LibTIFF LibTIFF 3.6.1
LibTIFF LibTIFF 3.7
SCO Unixware 7.1.4

- Related References

 

 
