images
configured for SIP and Cisco Unified Border Element feature are not
affected by this vulnerability.
Note: Cisco Unified Border Element feature (previously known as the
Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software
image that runs on Cisco multiservice gateway platforms. It provides
a network-to-network interface point for billing, security, call
admission control, quality of service, and signaling interworking.
Cisco Unified Border Element feature requires the "voice service voip"
command and the "allow-connections" subcommand. An example of an
user.
This vulnerability exists in the way GDI handles integer math. An
integer overflow could occur while calculating a buffer length,
which results in an undersized heap buffer being allocated. This buffer
is then overflowed with data from the input image file.
III. ANALYSIS
Exploitation allows an attacker to execute arbitrary code with the
privileges of the current user. Exploitation would require convincing a
Hi,
Firefox 2.0.0.18 fixes a cross-domain theft of image data. Firefox 3
unaffected. It's another interesting case where a redirector confuses
the browser about the true origin of a piece of content. If evil.org
hosts a redirector, e.g. evil.org/redir, and an image is loaded via
this redirector, the image will be treated as a same-domain image. In
this event, the image pixel data may easily be stolen by rendering the
image to a canvas and using the getImageData() JavaScript API.
<!--
ImageShack Toolbar 4.5.7 FileUploader Class (ImageShackToolbar.dll) insecure
method poc
This tool may allow a malicious web page to post arbitrary images on the web
from a user hard drive. Images will be visible on ImageShack site, a way for an
attacker to retrieve them maybe tag search or by understanding the renaming
operation, ex. "_" chars are removed and the "tq2" string is appended.
My test image is still visible here:
http://img262.imageshack.us/my.php?image=xpwallpaperglasstq2.jpg
Previous versions of the gd, php, and php5 packages are vulnerable
to multiple attacks in which an attacker may cause unbounded CPU
consumption or application crashes (Denial of Service), possibly
leading to the execution of malicious code (Unauthorized Access).
These attacks are generally limited to uses of the gd library to load
existing images rather than generate new images. Many applications
that use gd (including all uses of gd within rPath Linux) use gd
only for generating new images, not for loading existing images.
While rPath Linux itself is not vulnerable to these attacks,
some uses of gd, particularly when loading attacker-supplied
Cisco IOS Software can start processing SIP messages, it is
recommended that the "show processes | include SIP" command be used to
determine whether the device is processing SIP messages instead of
relying on the presence of specific configuration commands.
Cisco Unified Border Element images are also affected by these
vulnerabilities.
Note: The Cisco Unified Border Element feature (previously known as
the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS
Software image that runs on Cisco multiservice gateway platforms. It
Release notes:
http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html
VMware Server 2
Version 2.0.2 | 203138 - 10/26/09
507 MB EXE image VMware Server 2 for Windows Operating Systems. A
master installer file containing all Windows components of VMware
Server.
md5sum: a6430bcc16ff7b3a29bb8da1704fc38a
sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b
###################
#The vulnerability#
###################
The vulnerability is caused due to errors in decompression of CCITT G4
compressed TIFF images.
CCITT compression is basically a RLE (Run Length Encoding) compression
of 2-color (black/white) images where run lengths of black and white
pixels are encoded using variable number of bits. In the first step of
decoding process run-lengths are determined and are stored in a buffer
www.sektioneins.de
-= Security Advisory =-
Advisory: Horde Application Framework Horde_Form_Type_image
Arbitrary File Overwrite Vulnerability
Release Date: 2009/09/18
Last Modified: 2009/09/18
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
contents after completion of a page transition.
CVE-2009-1693
WebKit allows remote attackers to read images from arbitrary web sites via a
CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVE-2009-1694
platform as N95 (TI OMAP 2420) with same Symbian v9.2 (S60 v3 FP1), so the
crash was predictable.
I've tested on:
- Image browser -- by pressing [Open] in File Manager, so that the
application crashes immediately, and File Manager barking "Unable to
open file".
- Gallery -- begins to scan all images in phone memory and card, and
crashes soon, obviously when it encounters nokiacrash.jpg. So, just
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-5316 CVE-2008-5317
Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-5316
A telnet to the modem, after logging in gives access to the internal (linux) system shell, from where a malicious user (cracker) can change
system configuration and modify/tap network traffic. Most subscribers are not technically inclined to even know what it means - far from
being able to turn it off.
4. The modems also provide an interface for updating their firmware.
The firmware image is readily available for download from airtel's website, and many other websites. The firmware image consists of a
linux kernel, root file-system, configuration and (maybe) other binary blobs. There seems to be no security/check on firmware image's
authority. It is easy to modify a firmware image and replace the root-filesystem with a malicious root-filesystem. Worse yet, the modified root file-system could effectively disable further firmware updates. A malicious firmware image could provide an attacker with complete access and control on the modem and the network traffic on the modems.
5. Once an attacker has access to a modem (through telnet and/or a firmware update), he/she can launch the following attacks and/or more:
* use MITM attacks to capture encrypted data, including passwords, credit-card numbers and other confidential data
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected
b. Security update for tcltk
An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
#######################################################################
Luigi Auriemma
Application: Acronis True Image Windows Agent
http://www.acronis.com/enterprise/products/ATIES/windows-agent.html
Versions: <= 1.0.0.54
(included in Acronis True Image Enterprise Server
9.5.0.8072 and the other True Image packages)
Platforms: Windows
======================================================================
Secunia Research 02/11/2007
- ACDSee Products Image and Archive Plug-ins Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007
I. BACKGROUND
ImageMagick is a suite of image manipulation tools (animate, composite,
conjure, convert, display, identify, import, mogrify and montage) that
Multiple Vendor ImageMagick Off-By-One Vulnerability
iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007
I. BACKGROUND
ImageMagick is a suite of image manipulation tools (animate, composite,
conjure, convert, display, identify, import, mogrify and montage) that
Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007
I. BACKGROUND
ImageMagick is a suite of image manipulation tools (animate, composite,
conjure, convert, display, identify, import, mogrify and montage) that
ip scp server enable
The IOS Secure Copy server is disabled by default.
The Secure Copy server functionality is only available on
encryption-capable images. Devices that do not run
encryption-capable images, which contain either k8 or k9 in the image
name, are not vulnerable. If a device is running an encryption-capable
image, the existence of the "ip scp server enable" command in the
configuration will determine whether the device is affected.
Cory Altheide, please stand up.
> , that apparently revealed
> minor bugs
By minor, you mean things like (1) where a disk image cannot be acquired
or (2) that appears to cause an out-of-bounds memory operation or (3)
which most likely has one hell of a race condition?
> All of the testing involved
Software can start processing SIP messages, it is recommended that
the show processes | include SIP command be used to determine whether
the device is processing SIP messages instead of relying on the
presence of specific configuration commands.
Cisco Unified Border Element images are also affected by two of these
vulnerabilities.
Note: The Cisco Unified Border Element feature (previously known as
the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS
Software image that runs on Cisco multiservice gateway platforms. It
======================================================================
Secunia Research 23/08/2010
- Mono libgdiplus Image Processing Three Integer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 14/12/2010
- Microsoft Office TIFF Image Converter Two Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Apple Mac OS X Image RAW Multiple Buffer Overflows
22/03/2011
Paul Harrington of NGS Secure has discovered a High risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.
Versions affected include:
Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6 with RawCamera.bundle < 3.6
=======
Summary
=======
Name: Apple OSX / iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
Reference: NGS00062
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: Apple
Vendor Reference: 145575681
Systems Affected: Apple OSX / iPhone iOS / Possibly others using LibTiff
Risk: High
http://www.restorepoint.com/restorepoint/
=====================================================================
Vulnerability:
The 3.2 evaluation image of Restorepoint is vulnerable to a remote command
execution vulnerability in the remote_support.cgi script prior to license
activation. By supplying a semi colon followed by a unix shell command to
the pid1 or pid2 parameters in conjunction with the stop_remote_support
parameter, an unauthenticated remote attacker can execute commands on the
Restorepoint appliance with the privileges of the www user. The Common
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 21, 2010
I. BACKGROUND
libTIFF is a free and popular image library that provides support for
displaying and manipulating Tag Image File Format (TIFF) image data.
This library is used by numerous applications and is included in
various vendor operating system distributions. For more information,
see the vendor's site found at the following link:
http://www.libtiff.org
the necessary changes.
Details follow:
It was discovered that libpng did not properly initialize memory when
decoding certain 1-bit interlaced images. If a user or automated system
were tricked into processing crafted PNG images, an attacker could possibly
use this flaw to read sensitive information stored in memory. This issue
only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)
It was discovered that libpng did not properly handle certain excessively
======================================================================
Secunia Research 12/11/2009
- Gimp BMP Image Parsing Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1