Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57205
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1137-1 (tiff)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to tiff
announced via advisory DSA 1137-1.

Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2006-3459

Several stack-buffer overflows have been discovered.

CVE-2006-3460

A heap overflow vulnerability in the JPEG decoder may overrun a
buffer with more data than expected.

CVE-2006-3461

A heap overflow vulnerability in the PixarLog decoder may allow an
attacker to execute arbitrary code.

CVE-2006-3462

A heap overflow vulnerability has been discovered in the NeXT RLE
decoder.

CVE-2006-3463

An loop was discovered where a 16bit unsigned short was used to
iterate over a 32bit unsigned value so that the loop would never
terminate and continue forever.

CVE-2006-3464

Multiple unchecked arithmetic operations were uncovered, including
a number of the range checking operations designed to ensure the
offsets specified in TIFF directories are legitimate.

CVE-2006-3465

A flaw was also uncovered in libtiffs custom tag support which may
result in abnormal behaviour, crashes, or potentially arbitrary
code execution.

For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-7.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.2-6.

We recommend that you upgrade your libtiff packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201137-1

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3459
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
BugTraq ID: 19283
http://www.securityfocus.com/bid/19283
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-1137 (Google Search)
http://www.debian.org/security/2006/dsa-1137
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://secunia.com/blog/76
http://www.osvdb.org/27723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
http://www.redhat.com/support/errata/RHSA-2006-0603.html
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://securitytracker.com/id?1016628
http://securitytracker.com/id?1016671
http://secunia.com/advisories/21253
http://secunia.com/advisories/21274
http://secunia.com/advisories/21290
http://secunia.com/advisories/21304
http://secunia.com/advisories/21319
http://secunia.com/advisories/21334
http://secunia.com/advisories/21338
http://secunia.com/advisories/21346
http://secunia.com/advisories/21370
http://secunia.com/advisories/21392
http://secunia.com/advisories/21501
http://secunia.com/advisories/21537
http://secunia.com/advisories/21598
http://secunia.com/advisories/21632
http://secunia.com/advisories/22036
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
SuSE Security Announcement: SUSE-SA:2006:044 (Google Search)
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://lwn.net/Alerts/194228/
http://www.ubuntu.com/usn/usn-330-1
http://www.vupen.com/english/advisories/2006/3101
http://www.vupen.com/english/advisories/2006/3105
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
Common Vulnerability Exposure (CVE) ID: CVE-2006-3460
BugTraq ID: 19288
http://www.securityfocus.com/bid/19288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265
Common Vulnerability Exposure (CVE) ID: CVE-2006-3461
BugTraq ID: 19290
http://www.securityfocus.com/bid/19290
http://www.osvdb.org/27725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910
Common Vulnerability Exposure (CVE) ID: CVE-2006-3462
BugTraq ID: 19282
http://www.securityfocus.com/bid/19282
http://docs.info.apple.com/article.html?artnum=304063
http://www.osvdb.org/27726
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301
Common Vulnerability Exposure (CVE) ID: CVE-2006-3463
BugTraq ID: 19284
http://www.securityfocus.com/bid/19284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639
Common Vulnerability Exposure (CVE) ID: CVE-2006-3464
BugTraq ID: 19286
http://www.securityfocus.com/bid/19286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916
Common Vulnerability Exposure (CVE) ID: CVE-2006-3465
BugTraq ID: 19287
http://www.securityfocus.com/bid/19287
http://www.osvdb.org/27729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.