CVE-2005-2340
CVSS 7.5
Published: 2005-12-31 00:00:00
Last revised: 2011-10-18 00:00:00
NMCOPS    

[Original] Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.


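[CNNVD] Apple QuickTime QTIF Stack Overflow Vulnerability (CNNVD-200512-952)

        Apple QuickTime Player is a component of the QuickTime software package that provides high-quality audio and video media playback.
        When processing the data field of a QTIF file, QuickTime copies it to the stack byte by byte without performing proper checks, which causes a stack overflow in memory. The original function pointer value is 0x44332211. Code execution only requires overflowing it to 0x08332211 and ensuring that no crash occurs before 0x44 is overwritten with 0x08.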

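- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]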

- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

cpe:/a:apple:quicktime:7.0.2  Apple Quicktime 7.0.2
cpe:/a:apple:quicktime:7.0.1  Apple Quicktime 7.0.1
cpe:/a:apple:quicktime:7.0  Apple Quicktime 7.0
cpe:/a:apple:quicktime:7.0.3  Apple Quicktime 7.0.3

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2340
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-952
(Official data source) CNNVD

- Other Links and Resources

http://www.us-cert.gov/cas/techalerts/TA06-011A.html
(VENDOR_ADVISORY)  CERT  TA06-011A
http://www.kb.cert.org/vuls/id/687201
(VENDOR_ADVISORY)  CERT-VN  VU#687201
http://www.kb.cert.org/vuls/id/629845
(VENDOR_ADVISORY)  CERT-VN  VU#629845
http://xforce.iss.net/xforce/xfdb/24054
(PATCH)  XF  quicktime-qtif-bo(24054)
http://www.securityfocus.com/bid/16202
(PATCH)  BID  16202
http://www.osvdb.org/22335
(PATCH)  OSVDB  22335
http://www.osvdb.org/22334
(PATCH)  OSVDB  22334
http://www.osvdb.org/22333
(PATCH)  OSVDB  22333
http://securitytracker.com/id?1015463
(PATCH)  SECTRACK  1015463
http://secunia.com/advisories/18370
(VENDOR_ADVISORY)  SECUNIA  18370
http://docs.info.apple.com/article.html?artnum=303101
(PATCH)  APPLE  APPLE-SA-2006-01-10
http://www.vupen.com/english/advisories/2006/0128
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0128
http://www.securityfocus.com/bid/16212
(UNKNOWN)  BID  16212
http://www.securityfocus.com/archive/1/archive/1/421566/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow
http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060111 Updated Advisories - Incorrect CVE Information
http://www.cirt.dk/advisories/cirt-41-advisory.pdf
(VENDOR_ADVISORY)  MISC  http://www.cirt.dk/advisories/cirt-41-advisory.pdf
http://securityreason.com/securityalert/332
(UNKNOWN)  SREASON  332
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
(UNKNOWN)  FULLDISC  20060111 Updated Advisories - Incorrect CVE Information
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html
(VENDOR_ADVISORY)  FULLDISC  20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html
(UNKNOWN)  FULLDISC  20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow

- Vulnerability Information

Apple QuickTime QTIF Stack Overflow Vulnerability
High risk  Buffer overflow
2005-12-31 00:00:00 2006-05-24 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.apple.com/quicktime/

- Vulnerability Information (F43062)

Technical Cyber Security Alert 2006-11A (PacketStormID:F43062)
2006-01-15 00:00:00
US-CERT  us-cert.gov
advisory,denial of service,arbitrary,vulnerability
apple
CVE-2005-4092,CVE-2005-3707,CVE-2005-3710,CVE-2005-3713,CVE-2005-2340

Technical Cyber Security Alert TA06-011A - Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.


   
                        National Cyber Alert System

                 Technical Cyber Security Alert TA06-011A


Apple QuickTime Vulnerabilities

   Original release date: January 11, 2006
   Last revised: January 11, 2006
   Source: US-CERT

Systems Affected

   Apple QuickTime on systems running

     * Apple Mac OS X
     * Microsoft Windows XP
     * Microsoft Windows 2000


Overview

   Apple has released QuickTime 7.0.4 to correct multiple
   vulnerabilities. The impacts of these vulnerabilities include
   execution of arbitrary code and denial of service.


I. Description

   Apple QuickTime 7.0.4 resolves a number of image and media file
   handling vulnerabilities. Further details are available in the
   following Vulnerability Notes:

   VU#629845 - Apple QuickTime image handling buffer overflow

   Apple QuickTime contains a heap overflow vulnerability that may allow
   an attacker to execute arbitrary code or cause a denial-of-service
   condition.
   (CAN-2005-2340)

   VU#921193 - Apple QuickTime fails to properly handle corrupt media
   files

   Apple QuickTime contains a heap overflow vulnerability in the handling
   of media files. This vulnerability may allow a remote, unauthenticated
   attacker to execute arbitrary code or cause a denial of service on a
   vulnerable system.
   (CAN-2005-4092)

   VU#115729 - Apple QuickTime fails to properly handle corrupt TGA
   images

   A flaw in the way Apple QuickTime handles Targa (TGA) image format
   files could allow a remote attacker to execute arbitrary code on a
   vulnerable system.
   (CAN-2005-3707)

   VU#150753 - Apple QuickTime fails to properly handle corrupt TIFF
   images

   Apple QuickTime contains an integer overflow vulnerability in the
   handling of TIFF images. This vulnerability may allow a remote,
   unauthenticated attacker to execute arbitrary code or cause a denial
   of service on a vulnerable system.
   (CAN-2005-3710)

   VU#913449 - Apple QuickTime fails to properly handle corrupt GIF
   images

   A flaw in the way Apple QuickTime handles Graphics Interchange Format
   (GIF) files could allow a remote attacker to execute arbitrary code on
   a vulnerable system.
   (CAN-2005-3713)


II. Impact

   The impacts of these vulnerabilities vary. For information about
   specific impacts, please see the Vulnerability Notes. Potential
   consequences include remote execution of arbitrary code or commands
   and denial of service.


III. Solution

Upgrade

   Upgrade to QuickTime 7.0.4.


Appendix A. References

     * US-CERT Vulnerability Note VU#629845 -
       <http://www.kb.cert.org/vuls/id/629845>

     * US-CERT Vulnerability Note VU#921193 -
       <http://www.kb.cert.org/vuls/id/921193>

     * US-CERT Vulnerability Note VU#115729 -
       <http://www.kb.cert.org/vuls/id/115729>

     * US-CERT Vulnerability Note VU#150753 -
       <http://www.kb.cert.org/vuls/id/150753>

     * US-CERT Vulnerability Note VU#913449 -
       <http://www.kb.cert.org/vuls/id/913449>

     * CVE-2005-2340 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>

     * CVE-2005-4092 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>

     * CVE-2005-3707 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>

     * CVE-2005-3710 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>

     * CVE-2005-3713 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>

     * Security Content for QuickTime 7.0.4 -
       <http://docs.info.apple.com/article.html?artnum=303101>

     * QuickTime 7.0.4 -
       <http://www.apple.com/support/downloads/quicktime704.html>

     * About the Mac OS X 10.4.4 Update (Delta) -
       <http://docs.info.apple.com/article.html?artnum=302810>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.
 ____________________________________________________________________



Revision History

   January 11, 2006: Initial release


    

- Vulnerability Information (F43054)

cirt-41-advisory.pdf (PacketStormID:F43054)
2006-01-15 00:00:00
Dennis Rand  cirt.dk
advisory,overflow
windows,apple
CVE-2005-2340

Apple Quicktime is susceptible to a buffer overflow vulnerability during the handling of .JPG/.PICT files. This vulnerability affects Windows Quicktime versions 6.5.1, 7.0.3, and Mac OSX Quicktime version 7.0.3. Earlier versions are suspected vulnerable.

- Vulnerability Information

22333
Apple QuickTime QTIF Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

An overflow exists in QuickTime. QuickTime fails to validate the 'data' portion of QTIF files, resulting in a stack overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

- Timeline

2006-01-11 Unknown
Unknown Unknown

- Solution

Upgrade to version 7.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Credit

- Vulnerability Information

Apple QuickTime QTIF Image Processing Remote Heap Overflow Vulnerability
Boundary Condition Error 16852
Yes No
2006-01-10 12:00:00 2008-05-01 06:36:00
Discovery is credited to Varun Uppal of Kanbay.

- Affected Software Versions

Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 7.0.4

- Unaffected Software Versions

Apple QuickTime Player 7.0.4

- Vulnerability Discussion

QuickTime is prone to a remote heap-based overflow vulnerability.

This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file.

A successful attack can result in a remote compromise.

Versions prior to QuickTime 7.0.4 are vulnerable.

NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Apple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address this issue. Please see the references for more information.


Apple QuickTime Player 7.0.3

- References
