libtiff
Mandriva Linux Security Advisory MDVSA-2010:146
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : August 6, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:145
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : August 6, 2010
Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
#2009-012 libtiff tools integer overflows
Description:
The libtiff image library tools suffer from integer overflows which may lead to
a potentially exploitable heap overflow and result in arbitrary code execution.
The libtiff package ships a library, for reading and writing TIFF, as well as a
small collection of tools for manipulating TIFF images. The cvt_whole_image
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-107
March 21, 2011
-- CVE ID:
CVE-2011-1167
-- CVSS:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libTIFF: User-assisted execution of arbitrary code
Date: August 07, 2009
Bugs: #276339, #276988
ID: 200908-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libTIFF: User-assisted execution of arbitrary code
Date: September 08, 2008
Bugs: #234080
ID: 200809-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
first article discusses the architecture and provides some useful
shellcode for already-modified phones.
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html
The second article discusses the libtiff exploit and includes a link to a
modified version of the weasel debugger.
http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html
The third article steps through the entire libtiff exploit development
first article discusses the architecture and provides some useful
shellcode for already-modified phones.
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html
The second article discusses the libtiff exploit and includes a link to a
modified version of the weasel debugger.
http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html
The third article steps through the entire libtiff exploit development
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 21, 2010
I. BACKGROUND
libTIFF is a free and popular image library that provides support for
displaying and manipulating Tag Image File Format (TIFF) image data.
This library is used by numerous applications and is included in
various vendor operating system distributions. For more information,
see the vendor's site found at the following link:
http://www.libtiff.org
Mandriva Linux Security Advisory MDVSA-2009:169-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:184
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : September 3, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:190
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : September 30, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:169
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:150
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : July 13, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:043
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : March 8, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
libtiff=conary.rpath.com@rpl:1/3.8.2-3.1-1
libtiff=conary.rpath.com@rpl:2/3.8.2-5-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2724
-- Disclosure Timeline:
3-17-2011
-- Affected Vendor:
Imagemagick 6.6.8-5
Libtiff 6.9.4
-- Problem Description:
A buffer overflow is triggered by displaying a malformed tiff image by the Imagemagick.The error information is followed:
display: malformed.tif: Wrong "StripByteCounts" field, ignoring and calculating from imagelength. `TIFFReadDirectory' @ warning/tiff.c/TIFFWarnings/706.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.3
Ubuntu 7.04:
libtiff4 3.8.2-6ubuntu1
Ubuntu 7.10:
Rating: Severe
Exposure Level Classification:
Remote User Deterministic Unauthorized Access
Updated Versions:
libtiff=conary.rpath.com@rpl:2/3.8.2-5.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3235
References:
Vulnerability : buffer underflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2327
Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.
simple, easy to use via command-line interface, providing nice
analysis of software crashes in a simple form of file names.
It has been used by me and some others to find a few, possibly
exploitable, bugs in some major software packages; incl.: freetype2,
librsvg, libtiff..
The code and documentation can be found here:
http://code.google.com/p/honggfuzz/
PS: Thanks to Felix Gröbert, Parisa Tabriz and Tavis Ormandy for their
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.4
Ubuntu 8.04 LTS:
libtiff4 3.8.2-7ubuntu3.2
Ubuntu 8.10:
# Exploit Title: Adobe Acrobat libtiff Remote Code Execution
# Date: 2010-03-12
# Author: villy( http://bugix-security.blogspot.com/)
# Software Link: http://adobe.com/
# Version: Adobe Reader 9.x < 9.3.1
# Tested on: windows xp(sp2 and xp3)
# CVE : CVE-2010-0188
Full python code on the link :
http://bugix-security.blogspot.com/2010/03/adobe-pdf-libtiff-working-exploitcve.html
|
