Vulnerabilities > CVE-2006-2025 - Unspecified vulnerability in Libtiff

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
libtiff
nessus
exploit available

Summary

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Exploit-Db

descriptionLibTiff 3.x TIFFFetchData Integer Overflow Vulnerability. CVE-2006-2025. Dos exploit for linux platform
idEDB-ID:27764
last seen2016-02-03
modified2006-04-28
published2006-04-28
reporterTavis Ormandy
sourcehttps://www.exploit-db.com/download/27764/
titleLibTiff 3.x TIFFFetchData Integer Overflow Vulnerability

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0648.NASL
    descriptionUpdated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22282
    published2006-08-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22282
    titleCentOS 3 : kdegraphics (CESA-2006:0648)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0648 and 
    # CentOS Errata and Security Advisory 2006:0648 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22282);
      script_version("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-2024", "CVE-2006-2025", "CVE-2006-2026", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465");
      script_bugtraq_id(19287);
      script_xref(name:"RHSA", value:"2006:0648");
    
      script_name(english:"CentOS 3 : kdegraphics (CESA-2006:0648)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kdegraphics packages that fix several security flaws in kfax
    are now available for Red Hat Enterprise Linux 2.1, and 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The kdegraphics package contains graphics applications for the K
    Desktop Environment.
    
    Tavis Ormandy of Google discovered a number of flaws in libtiff during
    a security audit. The kfax application contains a copy of the libtiff
    code used for parsing TIFF files and is therefore affected by these
    flaws. An attacker who has the ability to trick a user into opening a
    malicious TIFF file could cause kfax to crash or possibly execute
    arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461,
    CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)
    
    Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax
    uses the shared libtiff library which has been fixed in a previous
    update.
    
    Users of kfax should upgrade to these updated packages, which contain
    backported patches and are not vulnerable to this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013180.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a8196a8a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013181.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6c595bce"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-September/013195.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?282ae501"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kdegraphics packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"kdegraphics-3.1.3-3.10")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"kdegraphics-devel-3.1.3-3.10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-082.NASL
    descriptionSeveral bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21357
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21357
    titleMandrake Linux Security Advisory : libtiff (MDKSA-2006:082)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1054.NASL
    descriptionTavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. - CVE-2006-2025 An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code. - CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22596
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22596
    titleDebian DSA-1054-1 : tiff - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200605-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200605-17 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF. Impact : An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id21615
    published2006-05-31
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21615
    titleGLSA-200605-17 : libTIFF: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-277-1.NASL
    descriptionTavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application
    last seen2020-06-01
    modified2020-06-02
    plugin id21371
    published2006-05-13
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21371
    titleUbuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0425.NASL
    descriptionUpdated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21365
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21365
    titleRHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0425)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0648.NASL
    descriptionUpdated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22293
    published2006-08-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22293
    titleRHEL 2.1 / 3 : kdegraphics (RHSA-2006:0648)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0425.NASL
    descriptionUpdated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21900
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21900
    titleCentOS 3 / 4 : libtiff (CESA-2006:0425)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0648.NASL
    descriptionFrom Red Hat Security Advisory 2006:0648 : Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67404
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67404
    titleOracle Linux 3 : kdegraphics (ELSA-2006-0648)

Oval

accepted2013-04-29T04:06:56.314-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionInteger overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
familyunix
idoval:org.mitre.oval:def:10593
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
version26

Redhat

advisories
rhsa
idRHSA-2006:0425
rpms
  • libtiff-0:3.5.7-25.el3.1
  • libtiff-0:3.6.1-10
  • libtiff-debuginfo-0:3.5.7-25.el3.1
  • libtiff-debuginfo-0:3.6.1-10
  • libtiff-devel-0:3.5.7-25.el3.1
  • libtiff-devel-0:3.6.1-10
  • kdegraphics-7:3.1.3-3.10
  • kdegraphics-debuginfo-7:3.1.3-3.10
  • kdegraphics-devel-7:3.1.3-3.10