Vulnerabilities > CVE-2006-2025 - Integer Overflow vulnerability in LibTiff TIFFFetchData
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. This vulnerability is addressed in the following product release: libTIFF, libTIFF, 3.8.1
Vulnerable Configurations
Exploit-Db
| description | LibTiff 3.x TIFFFetchData Integer Overflow Vulnerability. CVE-2006-2025. Dos exploit for linux platform |
| id | EDB-ID:27764 |
| last seen | 2016-02-03 |
| modified | 2006-04-28 |
| published | 2006-04-28 |
| reporter | Tavis Ormandy |
| source | https://www.exploit-db.com/download/27764/ |
| title | LibTiff 3.x TIFFFetchData Integer Overflow Vulnerability |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0648.NASL description Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22282 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22282 title CentOS 3 : kdegraphics (CESA-2006:0648) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0648 and # CentOS Errata and Security Advisory 2006:0648 respectively. # include("compat.inc"); if (description) { script_id(22282); script_version("1.24"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-2024", "CVE-2006-2025", "CVE-2006-2026", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"RHSA", value:"2006:0648"); script_name(english:"CentOS 3 : kdegraphics (CESA-2006:0648)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue." ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013180.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8196a8a" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013181.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6c595bce" ); # https://lists.centos.org/pipermail/centos-announce/2006-September/013195.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?282ae501" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"kdegraphics-3.1.3-3.10")) flag++; if (rpm_check(release:"CentOS-3", reference:"kdegraphics-devel-3.1.3-3.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-082.NASL description Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21357 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21357 title Mandrake Linux Security Advisory : libtiff (MDKSA-2006:082) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1054.NASL description Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. - CVE-2006-2025 An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code. - CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22596 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22596 title Debian DSA-1054-1 : tiff - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200605-17.NASL description The remote host is affected by the vulnerability described in GLSA-200605-17 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF. Impact : An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21615 published 2006-05-31 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21615 title GLSA-200605-17 : libTIFF: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-277-1.NASL description Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application last seen 2020-06-01 modified 2020-06-02 plugin id 21371 published 2006-05-13 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21371 title Ubuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0425.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21365 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21365 title RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0425) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0648.NASL description Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22293 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22293 title RHEL 2.1 / 3 : kdegraphics (RHSA-2006:0648) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0425.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21900 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21900 title CentOS 3 / 4 : libtiff (CESA-2006:0425) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0648.NASL description From Red Hat Security Advisory 2006:0648 : Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67404 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67404 title Oracle Linux 3 : kdegraphics (ELSA-2006-0648)
Oval
| accepted | 2013-04-29T04:06:56.314-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10593 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
- http://secunia.com/advisories/19838
- http://secunia.com/advisories/19897
- http://secunia.com/advisories/19936
- http://secunia.com/advisories/19949
- http://secunia.com/advisories/19964
- http://secunia.com/advisories/20021
- http://secunia.com/advisories/20023
- http://secunia.com/advisories/20210
- http://secunia.com/advisories/20345
- http://secunia.com/advisories/20667
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
- http://www.debian.org/security/2006/dsa-1054
- http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://www.redhat.com/support/errata/RHSA-2006-0425.html
- http://www.securityfocus.com/bid/17732
- http://www.trustix.org/errata/2006/0024
- http://www.vupen.com/english/advisories/2006/1563
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26134
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593
- https://usn.ubuntu.com/277-1/