Description:
The remote host is missing an update to tiff announced via advisory USN-289-1.
A security issue affects the following Ubuntu releases:
Ubuntu 5.04, Ubuntu 5.10, Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
A buffer overflow has been found in the tiff2pdf utility. By tricking a user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193)
A. Alejandro Hernández discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit with specially crafted long arguments, a user can execute arbitrary code. If tiffsplit is used in e.g. a web-based frontend or similar automated system, this could lead to remote arbitrary code execution with the privileges of that system. (In normal interactive command line usage this is not a vulnerability.) (CVE-2006-2656)
Solution: The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 5.04: libtiff-tools 3.6.1-5ubuntu0.5
Ubuntu 5.10: libtiff-tools 3.7.3-1ubuntu1.4
Ubuntu 6.06 LTS: libtiff-tools 3.7.4-1ubuntu3.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-289-1
Risk factor: High
CVSS Score: 7.5