English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 90411 CVE descriptions
and 49772 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53258
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 567-1 (tiff)
Summary:Debian Security Advisory DSA 567-1 (tiff)
Description:Description:
The remote host is missing an update to tiff
announced via advisory DSA 567-1.

Several problems have been discovered in libtiff, the Tag Image File
Format library for processing TIFF graphics files. An attacker could
prepare a specially crafted TIFF graphic that would cause the client
to execute arbitrary code or crash. The Common Vulnerabilities and
Exposures Project has identified the following problems:

CVE-2004-0803

Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.

CVE-2004-0804

Matthias Clasen discovered a division by zero through an integer
overflow.

CVE-2004-0886

Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result to either plain crash or memory
corruption.


For the stable distribution (woody) these problems have been fixed in
version 3.5.5-6woody1.

For the unstable distribution (sid) these problems have been fixed in
version 3.6.1-2.

We recommend that you upgrade your libtiff package.


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20567-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=109778785107450&w=2
http://scary.beasts.org/security/CESA-2004-006.txt
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100114
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8896
http://secunia.com/advisories/12818
XForce ISS Database: libtiff-library-decoding-bo(17703)
http://xforce.iss.net/xforce/xfdb/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100115
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11711
XForce ISS Database: libtiff-dos(17755)
http://xforce.iss.net/xforce/xfdb/17755
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
http://www.trustix.org/errata/2004/0054/
http://marc.theaimsgroup.com/?l=bugtraq&m=109779465621929&w=2
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100116
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9907
http://securitytracker.com/id?1011674
XForce ISS Database: libtiff-bo(17715)
http://xforce.iss.net/xforce/xfdb/17715
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 49772 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.