Vulnerabilities > CVE-2006-3459 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description Apple iOS MobileMail LibTIFF Buffer Overflow. CVE-2006-3459,CVE-2010-0188. Remote exploit for ios platform id EDB-ID:21869 last seen 2016-02-02 modified 2012-10-09 published 2012-10-09 reporter metasploit source https://www.exploit-db.com/download/21869/ title Apple iOS MobileMail LibTIFF Buffer Overflow description Adobe Reader PDF LibTiff Integer Overflow Code Execution. CVE-2006-3459,CVE-2010-0188. Local exploit for windows platform id EDB-ID:11787 last seen 2016-02-01 modified 2010-03-17 published 2010-03-17 reporter villy source https://www.exploit-db.com/download/11787/ title Adobe Reader PDF LibTiff Integer Overflow Code Execution description iPhone MobileMail LibTIFF Buffer Overflow. CVE-2006-3459. Remote exploit for hardware platform id EDB-ID:16869 last seen 2016-02-02 modified 2010-09-20 published 2010-09-20 reporter metasploit source https://www.exploit-db.com/download/16869/ title iPhone MobileMail LibTIFF Buffer Overflow description Apple iOS MobileSafari LibTIFF Buffer Overflow. CVE-2006-3459,CVE-2010-0188. Remote exploit for ios platform id EDB-ID:21868 last seen 2016-02-02 modified 2012-10-09 published 2012-10-09 reporter metasploit source https://www.exploit-db.com/download/21868/ title Apple iOS MobileSafari LibTIFF Buffer Overflow description iPhone MobileSafari LibTIFF Buffer Overflow. CVE-2006-3459. Remote exploit for hardware platform id EDB-ID:16868 last seen 2016-02-02 modified 2010-09-20 published 2010-09-20 reporter metasploit source https://www.exploit-db.com/download/16868/ title iPhone MobileSafari LibTIFF Buffer Overflow description iPhone MobileSafari LibTIFF Buffer Overflow. CVE-2006-3459. Remote exploit for hardware platform id EDB-ID:16862 last seen 2016-02-02 modified 2010-09-20 published 2010-09-20 reporter metasploit source https://www.exploit-db.com/download/16862/ title iPhone MobileSafari LibTIFF Buffer Overflow
Metasploit
description This module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload. id MSF:EXPLOIT/APPLE_IOS/EMAIL/MOBILEMAIL_LIBTIFF last seen 2020-03-14 modified 2017-07-24 published 2012-09-10 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/apple_ios/email/mobilemail_libtiff.rb title Apple iOS MobileMail LibTIFF Buffer Overflow description This module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload. id MSF:EXPLOIT/APPLE_IOS/BROWSER/SAFARI_LIBTIFF last seen 2020-06-13 modified 2017-07-24 published 2012-09-10 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/apple_ios/browser/safari_libtiff.rb title Apple iOS MobileSafari LibTIFF Buffer Overflow
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0648.NASL description Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22282 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22282 title CentOS 3 : kdegraphics (CESA-2006:0648) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0648 and # CentOS Errata and Security Advisory 2006:0648 respectively. # include("compat.inc"); if (description) { script_id(22282); script_version("1.24"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-2024", "CVE-2006-2025", "CVE-2006-2026", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"RHSA", value:"2006:0648"); script_name(english:"CentOS 3 : kdegraphics (CESA-2006:0648)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue." ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013180.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8196a8a" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013181.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6c595bce" ); # https://lists.centos.org/pipermail/centos-announce/2006-September/013195.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?282ae501" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"kdegraphics-3.1.3-3.10")) flag++; if (rpm_check(release:"CentOS-3", reference:"kdegraphics-devel-3.1.3-3.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1137.NASL description Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2006-3459 Several stack-buffer overflows have been discovered. - CVE-2006-3460 A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more data than expected. - CVE-2006-3461 A heap overflow vulnerability in the PixarLog decoder may allow an attacker to execute arbitrary code. - CVE-2006-3462 A heap overflow vulnerability has been discovered in the NeXT RLE decoder. - CVE-2006-3463 An loop was discovered where a 16bit unsigned short was used to iterate over a 32bit unsigned value so that the loop would never terminate and continue forever. - CVE-2006-3464 Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations designed to ensure the offsets specified in TIFF directories are legitimate. - CVE-2006-3465 A flaw was also uncovered in libtiffs custom tag support which may result in abnormal behaviour, crashes, or potentially arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 22679 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22679 title Debian DSA-1137-1 : tiff - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1137. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22679); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_xref(name:"DSA", value:"1137"); script_name(english:"Debian DSA-1137-1 : tiff - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2006-3459 Several stack-buffer overflows have been discovered. - CVE-2006-3460 A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more data than expected. - CVE-2006-3461 A heap overflow vulnerability in the PixarLog decoder may allow an attacker to execute arbitrary code. - CVE-2006-3462 A heap overflow vulnerability has been discovered in the NeXT RLE decoder. - CVE-2006-3463 An loop was discovered where a 16bit unsigned short was used to iterate over a 32bit unsigned value so that the loop would never terminate and continue forever. - CVE-2006-3464 Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations designed to ensure the offsets specified in TIFF directories are legitimate. - CVE-2006-3465 A flaw was also uncovered in libtiffs custom tag support which may result in abnormal behaviour, crashes, or potentially arbitrary code execution." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3459" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3460" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3461" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3462" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3463" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3464" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-3465" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1137" ); script_set_attribute( attribute:"solution", value: "Upgrade the libtiff packages. For the stable distribution (sarge) these problems have been fixed in version 3.7.2-7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"libtiff-opengl", reference:"3.7.2-7")) flag++; if (deb_check(release:"3.1", prefix:"libtiff-tools", reference:"3.7.2-7")) flag++; if (deb_check(release:"3.1", prefix:"libtiff4", reference:"3.7.2-7")) flag++; if (deb_check(release:"3.1", prefix:"libtiff4-dev", reference:"3.7.2-7")) flag++; if (deb_check(release:"3.1", prefix:"libtiffxx0", reference:"3.7.2-7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-1908.NASL description This update of libtiff is the result of a source-code audit done by Tavis Ormandy. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image. (CVE-2006-3459 / CVE-2006-3460 / CVE-2006-3461 / CVE-2006-3462 / CVE-2006-3463 / CVE-2006-3464 / CVE-2006-3465) Please restart your applications. last seen 2020-06-01 modified 2020-06-02 plugin id 29512 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29512 title SuSE 10 Security Update : libtiff (ZYPP Patch Number 1908) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(29512); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_name(english:"SuSE 10 Security Update : libtiff (ZYPP Patch Number 1908)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of libtiff is the result of a source-code audit done by Tavis Ormandy. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image. (CVE-2006-3459 / CVE-2006-3460 / CVE-2006-3461 / CVE-2006-3462 / CVE-2006-3463 / CVE-2006-3464 / CVE-2006-3465) Please restart your applications." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3459.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3460.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3461.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3462.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3463.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3464.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3465.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1908."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"libtiff-3.8.2-5.9")) flag++; if (rpm_check(release:"SLED10", sp:0, reference:"libtiff-devel-3.8.2-5.9")) flag++; if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"libtiff-32bit-3.8.2-5.9")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"libtiff-3.8.2-5.9")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"libtiff-devel-3.8.2-5.9")) flag++; if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"libtiff-32bit-3.8.2-5.9")) flag++; if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"libtiff-devel-32bit-3.8.2-5.9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-1907.NASL description This update of libtiff is the result of a source-code audit done by Tavis Ormandy. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Please restart your applications. last seen 2020-06-01 modified 2020-06-02 plugin id 27334 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27334 title openSUSE 10 Security Update : libtiff (libtiff-1907) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libtiff-1907. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27334); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_name(english:"openSUSE 10 Security Update : libtiff (libtiff-1907)"); script_summary(english:"Check for the libtiff-1907 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of libtiff is the result of a source-code audit done by Tavis Ormandy. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Please restart your applications." ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"libtiff-3.8.2-5.9") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"libtiff-devel-3.8.2-5.9") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"libtiff-32bit-3.8.2-5.9") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"libtiff-devel-32bit-3.8.2-5.9") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-004.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2006-004. This security update contains fixes for the following applications : AFP Server Bluetooth Bom DHCP dyld fetchmail gnuzip ImageIO LaunchServices OpenSSH telnet WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 22125 published 2006-08-01 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22125 title Mac OS X Multiple Vulnerabilities (Security Update 2006-004) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(22125); script_version("1.23"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-0488", "CVE-2005-0988", "CVE-2005-1228", "CVE-2005-2335", "CVE-2005-3088", "CVE-2005-4348", "CVE-2006-0321", "CVE-2006-0392", "CVE-2006-0393", "CVE-2006-1472", "CVE-2006-1473", "CVE-2006-3459", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3465", "CVE-2006-3495", "CVE-2006-3496", "CVE-2006-3497", "CVE-2006-3498", "CVE-2006-3499", "CVE-2006-3500", "CVE-2006-3501", "CVE-2006-3502", "CVE-2006-3503", "CVE-2006-3504", "CVE-2006-3505"); script_bugtraq_id(19289); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-004)"); script_summary(english:"Check for Security Update 2006-004"); script_set_attribute(attribute:"synopsis", value:"The remote operating system is missing a vendor-supplied patch."); script_set_attribute(attribute:"description", value: "The remote host is running Apple Mac OS X, but lacks Security Update 2006-004. This security update contains fixes for the following applications : AFP Server Bluetooth Bom DHCP dyld fetchmail gnuzip ImageIO LaunchServices OpenSSH telnet WebKit"); # http://web.archive.org/web/20070728033955/http://docs.info.apple.com/article.html?artnum=304063 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e97e41a"); script_set_attribute(attribute:"solution", value: "Mac OS X 10.4 : http://www.apple.com/support/downloads/securityupdate2006004macosx1047clientintel.html http://www.apple.com/support/downloads/securityupdate2006004macosx1047clientppc.html Mac OS X 10.3 : http://www.apple.com/support/downloads/securityupdate20060041039client.html http://www.apple.com/support/downloads/securityupdate20060041039server.html"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/26"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-7]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[467]|2007-00[38])", string:packages)) security_hole(0); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0603.NASL description From Red Hat Security Advisory 2006:0603 : Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67398 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67398 title Oracle Linux 3 : libtiff (ELSA-2006-0603) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0603 and # Oracle Linux Security Advisory ELSA-2006-0603 respectively. # include("compat.inc"); if (description) { script_id(67398); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2006-2656", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"RHSA", value:"2006:0603"); script_name(english:"Oracle Linux 3 : libtiff (ELSA-2006-0603)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2006:0603 : Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000077.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"libtiff-3.5.7-25.el3.4")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"libtiff-3.5.7-25.el3.4")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"libtiff-devel-3.5.7-25.el3.4")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"libtiff-devel-3.5.7-25.el3.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-137.NASL description Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library : Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is used to read two unsigned shorts from the input file. While a bounds check is performed via CheckDirCount(), no action is taken on the result allowing a pathological tdir_count to read an arbitrary number of unsigned shorts onto a stack buffer. (CVE-2006-3459) A heap overflow vulnerability was discovered in the jpeg decoder, where TIFFScanLineSize() is documented to return the size in bytes that a subsequent call to TIFFReadScanline() would write, however the encoded jpeg stream may disagree with these results and overrun the buffer with more data than expected. (CVE-2006-3460) Another heap overflow exists in the PixarLog decoder where a run length encoded data stream may specify a stride that is not an exact multiple of the number of samples. The result is that on the final decode operation the destination buffer is overrun, potentially allowing an attacker to execute arbitrary code. (CVE-2006-3461) The NeXT RLE decoder was also vulnerable to a heap overflow vulnerability, where no bounds checking was performed on the result of certain RLE decoding operations. This was solved by ensuring the number of pixels written did not exceed the size of the scanline buffer already prepared. (CVE-2006-3462) An infinite loop was discovered in EstimateStripByteCounts(), where a 16bit unsigned short was used to iterate over a 32bit unsigned value, should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the loop would never terminate and continue forever. (CVE-2006-3463) Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations deisgned to ensure the offsets specified in tiff directories are legitimate. These can be caused to wrap for extreme values, bypassing sanity checks. Additionally, a number of codepaths were uncovered where assertions did not hold true, resulting in the client application calling abort(). (CVE-2006-3464) A flaw was also uncovered in libtiffs custom tag support, as documented here http://www.libtiff.org/v3.6.0.html. While well formed tiff files must have correctly ordered directories, libtiff attempts to support broken images that do not. However in certain circumstances, creating anonymous fields prior to merging field information from codec information can result in recognised fields with unexpected values. This state results in abnormal behaviour, crashes, or potentially arbitrary code execution. (CVE-2006-3465) The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 23886 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23886 title Mandrake Linux Security Advisory : libtiff (MDKSA-2006:137) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:137. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(23886); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_xref(name:"MDKSA", value:"2006:137"); script_name(english:"Mandrake Linux Security Advisory : libtiff (MDKSA-2006:137)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library : Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is used to read two unsigned shorts from the input file. While a bounds check is performed via CheckDirCount(), no action is taken on the result allowing a pathological tdir_count to read an arbitrary number of unsigned shorts onto a stack buffer. (CVE-2006-3459) A heap overflow vulnerability was discovered in the jpeg decoder, where TIFFScanLineSize() is documented to return the size in bytes that a subsequent call to TIFFReadScanline() would write, however the encoded jpeg stream may disagree with these results and overrun the buffer with more data than expected. (CVE-2006-3460) Another heap overflow exists in the PixarLog decoder where a run length encoded data stream may specify a stride that is not an exact multiple of the number of samples. The result is that on the final decode operation the destination buffer is overrun, potentially allowing an attacker to execute arbitrary code. (CVE-2006-3461) The NeXT RLE decoder was also vulnerable to a heap overflow vulnerability, where no bounds checking was performed on the result of certain RLE decoding operations. This was solved by ensuring the number of pixels written did not exceed the size of the scanline buffer already prepared. (CVE-2006-3462) An infinite loop was discovered in EstimateStripByteCounts(), where a 16bit unsigned short was used to iterate over a 32bit unsigned value, should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the loop would never terminate and continue forever. (CVE-2006-3463) Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations deisgned to ensure the offsets specified in tiff directories are legitimate. These can be caused to wrap for extreme values, bypassing sanity checks. Additionally, a number of codepaths were uncovered where assertions did not hold true, resulting in the client application calling abort(). (CVE-2006-3464) A flaw was also uncovered in libtiffs custom tag support, as documented here http://www.libtiff.org/v3.6.0.html. While well formed tiff files must have correctly ordered directories, libtiff attempts to support broken images that do not. However in certain circumstances, creating anonymous fields prior to merging field information from codec information can result in recognised fields with unexpected values. This state results in abnormal behaviour, crashes, or potentially arbitrary code execution. (CVE-2006-3465) The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-static-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-devel-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-static-devel-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"libtiff-progs-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-devel-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-static-devel-3.6.1-12.6.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-230-01.NASL description New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program last seen 2020-06-01 modified 2020-06-02 plugin id 22236 published 2006-08-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22236 title Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : libtiff (SSA:2006-230-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2006-230-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(22236); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"SSA", value:"2006-230-01"); script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : libtiff (SSA:2006-230-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user. Thanks to Tavis Ormandy and the Google Security Team." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?27722a90" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libtiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/02"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"9.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++; if (slackware_check(osver:"9.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++; if (slackware_check(osver:"10.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++; if (slackware_check(osver:"10.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++; if (slackware_check(osver:"10.2", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++; if (slackware_check(osver:"current", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2006-878.NASL description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24166 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24166 title Fedora Core 4 : libtiff-3.7.1-6.fc4.3 (2006-878) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-878. # include("compat.inc"); if (description) { script_id(24166); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_xref(name:"FEDORA", value:"2006-878"); script_name(english:"Fedora Core 4 : libtiff-3.7.1-6.fc4.3 (2006-878)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-August/000472.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7022911b" ); script_set_attribute( attribute:"solution", value: "Update the affected libtiff, libtiff-debuginfo and / or libtiff-devel packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"libtiff-3.7.1-6.fc4.3")) flag++; if (rpm_check(release:"FC4", reference:"libtiff-debuginfo-3.7.1-6.fc4.3")) flag++; if (rpm_check(release:"FC4", reference:"libtiff-devel-3.7.1-6.fc4.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0648.NASL description Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22293 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22293 title RHEL 2.1 / 3 : kdegraphics (RHSA-2006:0648) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0648. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(22293); script_version ("1.29"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2006-2024", "CVE-2006-2025", "CVE-2006-2026", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"RHSA", value:"2006:0648"); script_name(english:"RHEL 2.1 / 3 : kdegraphics (RHSA-2006:0648)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-2024" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-2025" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-2026" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3459" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3460" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3461" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3462" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3463" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3464" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3465" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0648" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics and / or kdegraphics-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0648"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-2.2.2-4.4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-devel-2.2.2-4.4")) flag++; if (rpm_check(release:"RHEL3", reference:"kdegraphics-3.1.3-3.10")) flag++; if (rpm_check(release:"RHEL3", reference:"kdegraphics-devel-3.1.3-3.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); } }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0603.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 22161 published 2006-08-07 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22161 title CentOS 3 / 4 : libtiff (CESA-2006:0603) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0603 and # CentOS Errata and Security Advisory 2006:0603 respectively. # include("compat.inc"); if (description) { script_id(22161); script_version("1.22"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-2656", "CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465"); script_bugtraq_id(19287); script_xref(name:"RHSA", value:"2006:0603"); script_name(english:"CentOS 3 / 4 : libtiff (CESA-2006:0603)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues." ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013105.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15313995" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013110.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e39be2fb" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013120.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac745cf6" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013121.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f193bb64" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"libtiff-3.5.7-25.el3.4")) flag++; if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"libtiff-devel-3.5.7-25.el3.4")) flag++; if (rpm_check(release:"CentOS-4", reference:"libtiff-3.6.1-12")) flag++; if (rpm_check(release:"CentOS-4", reference:"libtiff-devel-3.6.1-12")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel"); }NASL family Fedora Local Security Checks NASL id FEDORA_2006-877.NASL description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24165 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24165 title Fedora Core 5 : libtiff-3.7.4-8 (2006-877) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-330-1.NASL description Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application last seen 2020-06-01 modified 2020-06-02 plugin id 27909 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27909 title Ubuntu 5.04 / 5.10 / 6.06 LTS : tiff vulnerabilities (USN-330-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0603.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 22149 published 2006-08-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22149 title RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0603) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200608-07.NASL description The remote host is affected by the vulnerability described in GLSA-200608-07 (libTIFF: Multiple vulnerabilities) Tavis Ormandy of the Google Security Team discovered several heap and stack-based buffer overflows and other flaws in libTIFF. The affected parts include the TIFFFetchShortPair(), TIFFScanLineSize() and EstimateStripByteCounts() functions, and the PixarLog and NeXT RLE decoders. Impact : A remote attacker could entice a user to open a specially crafted TIFF file, resulting in the possible execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22165 published 2006-08-07 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22165 title GLSA-200608-07 : libTIFF: Multiple vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0648.NASL description From Red Hat Security Advisory 2006:0648 : Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67404 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67404 title Oracle Linux 3 : kdegraphics (ELSA-2006-0648)
Oval
| accepted | 2013-04-29T04:14:26.186-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:11497 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
bulletinFamily exploit description LibTiff是负责对TIFF图象格式进行编码/解码的应用库。 TIFF库中存在多个安全漏洞,具体如下: CVE-2006-3459 多个栈溢出漏洞可能允许执行任意代码。 CVE-2006-3460 JPEG解码器中存在堆溢出漏洞。 CVE-2006-3461 PixarLog解码器中存在堆溢出漏洞。 CVE-2006-3462 NeXT RLE解码器中存在堆溢出漏洞。 CVE-2006-3463 循环中16位的无符短型用于迭代32位的无符值,因此循环不会终止,导致死循环。 CVE-2006-3464 libtiff中存在多个未经检查的算术操作,包括用于确保TIFF目录中所指定偏移合法性的各种操作。 CVE-2006-3465 libtiff自定义标签支持中的漏洞可能导致异常、崩溃或执行任意代码。 Apple Mac OS X 10.4.7 Apple Mac OS X 10.3.9 Apple MacOS X Server 10.4.7 Apple MacOS X Server 10.3.9 Debian Linux 3.1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 LibTIFF LibTIFF <= 3.8.2 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: * Apple SecUpdSrvr2006-004Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat=1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat=1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg</a> * Apple SecUpd2006-004Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat=1&platform=osx&method=sa/SecUpd2006-004Pan.dmg" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat=1&platform=osx&method=sa/SecUpd2006-004Pan.dmg</a> * Apple SecUpd2006-004Intel.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat=1&platform=osx&method=sa/SecUpd2006-004Intel.dmg" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat=1&platform=osx&method=sa/SecUpd2006-004Intel.dmg</a> Debian ------ Debian已经为此发布了一个安全公告(DSA-1137-1)以及相应补丁: DSA-1137-1:New tiff packages fix several vulnerabilities 链接:<a href="http://www.debian.org/security/2005/dsa-1137" target="_blank">http://www.debian.org/security/2005/dsa-1137</a> 补丁下载: Source archives: <a href="http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc</a> Size/MD5 checksum: 736 ce0ffb8cdd1130153deaefa8b59abe81 <a href="http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz</a> Size/MD5 checksum: 17174 ff485016221ededfc8ce649538322211 <a href="http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz</a> Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00 Alpha architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb</a> Size/MD5 checksum: 47112 a4f7feea087ba03a84f745ee79a7ff56 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb</a> Size/MD5 checksum: 243840 f7abb618f36082be959f6e3c9a99cf8f <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb</a> Size/MD5 checksum: 479064 c137c6857ed320928f182115fbd94b21 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb</a> Size/MD5 checksum: 311206 c202ef6404c23ea7dc999c03e586c07f <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb</a> Size/MD5 checksum: 41228 53c5979e8c2556e5a19607c19e862368 AMD64 architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb</a> Size/MD5 checksum: 46036 bc6d0c7db57a1dcae4b8dd65b4640243 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb</a> Size/MD5 checksum: 218060 d09ef1de8b31f074d2f05c7522858cf1 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb</a> Size/MD5 checksum: 459964 8be097d74ac788d87a8358b8f9e68d79 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb</a> Size/MD5 checksum: 267872 cc0a4241cd53de29b561286fcd91cf2c <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb</a> Size/MD5 checksum: 40804 136bc49ad0c85dc6fa9f61242cf97c05 ARM architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb</a> Size/MD5 checksum: 45536 0253b94c6f94a33c9942568f9093fedd <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb</a> Size/MD5 checksum: 208630 45e2ef6af43bfbddb4aee00b659d287a <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb</a> Size/MD5 checksum: 454194 354e1b4560b4a407c4b4faf5d2555b20 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb</a> Size/MD5 checksum: 266148 f535b441d81a7786815d954c843b9c81 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb</a> Size/MD5 checksum: 40304 fcd0980c8fc2dedaa8a6380e0d4736bd Intel IA-32 architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb</a> Size/MD5 checksum: 45400 e51d8f157a2ef94cbc4e893f756be29a <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb</a> Size/MD5 checksum: 206412 69a3c66b2c9733653e6e7f667ab260b3 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb</a> Size/MD5 checksum: 453078 267f8f361f0dc87f40c8bc37d4785f57 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb</a> Size/MD5 checksum: 252412 5720af1515d6c9ce04f0e7abea045955 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb</a> Size/MD5 checksum: 40850 18710ba8ae073bd5a6e7b3c299cbae23 Intel IA-64 architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb</a> Size/MD5 checksum: 48512 c57280d747f62859c4477a0f1dcbcfef <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb</a> Size/MD5 checksum: 269156 277ad4a79cd2148991134c6ed8c029fe <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb</a> Size/MD5 checksum: 511782 4b64fd28c917e7e2e158c7244cfc892d <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb</a> Size/MD5 checksum: 331790 614a46318d671800caab21e26df9c1bf <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb</a> Size/MD5 checksum: 42450 af80a3234e174d9f15bbb4e68d2b558f HP Precision architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb</a> Size/MD5 checksum: 46846 e863b11db8f25a221776ea306eeb1539 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb</a> Size/MD5 checksum: 230316 9ccb777cf49096a2dabf144de609b83c <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb</a> Size/MD5 checksum: 473764 6938692095c40fba1f5feca1efd243a8 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb</a> Size/MD5 checksum: 282648 68ffb8ebaac2404aa1f9a709e83abfc6 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb</a> Size/MD5 checksum: 41476 4327a6e2887ab7d5bb69d0476186d69e Motorola 680x0 architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb</a> Size/MD5 checksum: 45408 e33d428b54a5776181803c28475e2a30 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb</a> Size/MD5 checksum: 193578 d7f3db57205002a50354df9cc1e74767 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb</a> Size/MD5 checksum: 443280 2e982f2b17745777ff6e249f627b1b4c <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb</a> Size/MD5 checksum: 235056 c362aaa8589f44a3dc533143c37fd16b <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb</a> Size/MD5 checksum: 40450 279a59887fd7a90b9d92415a07fe87f1 Big endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb</a> Size/MD5 checksum: 46300 c26b165f7098aa083170b90c8002406e <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb</a> Size/MD5 checksum: 252404 77b6d4382ee49bab1d3b94ea69d3bd88 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb</a> Size/MD5 checksum: 459088 34e8d02f8bac8bc4b059bc36109dda66 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb</a> Size/MD5 checksum: 281156 c2bf726c93de2c1ce1cb289d65fec892 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb</a> Size/MD5 checksum: 41086 85b8389df1df050f12fd87488ab46c02 Little endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb</a> Size/MD5 checksum: 46256 8a1cc8fbd9e7679f2ec722f46a300fe1 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb</a> Size/MD5 checksum: 252820 876a24a6b4b49d19eb2d425f7271528e <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb</a> Size/MD5 checksum: 459392 f1d09bb13a31f8ec73922f50d538b073 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb</a> Size/MD5 checksum: 280986 eff50ab58f511148d9d56ecbbc02c162 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb</a> Size/MD5 checksum: 41066 7490a101b2de00f6f458359f64b05daa PowerPC architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb</a> Size/MD5 checksum: 47462 3eaaac85e15b48dd1add1fb314de9b74 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb</a> Size/MD5 checksum: 235624 2d13e7c1769aab6d8a051817009d10ca <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb</a> Size/MD5 checksum: 461300 94dddf225b2130da2daca1ec54b2c0b0 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb</a> Size/MD5 checksum: 272868 0517f72923504549f4acf0fab1e1924f <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb</a> Size/MD5 checksum: 42658 9dd0f68f37713263bc9a729d7216b35f IBM S/390 architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb</a> Size/MD5 checksum: 46422 039bfe0dde0063b276a57c1414a6d9ca <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb</a> Size/MD5 checksum: 214056 b87d71aa653f45726d3b4ecd60b226b3 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb</a> Size/MD5 checksum: 466474 6b6e2dd8152760e65d2af459deac62fc <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb</a> Size/MD5 checksum: 267648 fc8d5662348991874f47953f20102b38 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb</a> Size/MD5 checksum: 41078 090b4edea314fadf183bb31fd891be34 Sun Sparc architecture: <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb</a> Size/MD5 checksum: 45706 955588f87bf3796b962c6f18ad5ecbb3 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb</a> Size/MD5 checksum: 205502 710eb39e993e988dcc1abc5cefd2f559 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb</a> Size/MD5 checksum: 455492 76e4acd2000175c52d60f6b6f53aaa25 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb</a> Size/MD5 checksum: 258764 c33aacda7a8162ff5ba7fd9399e347a6 <a href="http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb</a> Size/MD5 checksum: 40806 cefaef4ab3ed03fdeeec97a40081721f 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2006:0603-01)以及相应补丁: RHSA-2006:0603-01:Important: libtiff security update 链接:<a href="http://lwn.net/Alerts/194067" target="_blank">http://lwn.net/Alerts/194067</a> id SSV:405 last seen 2017-11-19 modified 2006-11-04 published 2006-11-04 reporter Root title Libtiff图形库多个安全漏洞 bulletinFamily exploit description BUGTRAQ ID: 38195 CVE ID: CVE-2010-0188,CVE-2006-3459 Adobe Reader和Acrobat都是非常流行的PDF文件阅读器。 Adobe Reader和Acrobat采用的开源TIFF图像解析库libtiff实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞通过诱使用户打开处理包含恶意TIFF图像的PDF文档在用户系统上执行任意指令,从而控制用户系统。 此安全问题其实是一个老漏洞(CVE-2006-3459)在Adobe产品中的重现。 Adobe Acrobat < 9.3.1 Adobe Acrobat < 8.2.1 Adobe Reader < 9.3.1 Adobe Reader < 8.2.1 临时解决方法: * 禁止浏览器自动打开PDF文档。 * 禁用JavaScript。 厂商补丁: Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.adobe.com/support/security/bulletins/apsb10-07.html id SSV:19156 last seen 2017-11-19 modified 2010-02-20 published 2010-02-20 reporter Root title Adobe Reader和Acrobat TIFF图像处理缓冲区溢出漏洞
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
- http://lwn.net/Alerts/194228/
- http://secunia.com/advisories/21253
- http://secunia.com/advisories/21274
- http://secunia.com/advisories/21290
- http://secunia.com/advisories/21304
- http://secunia.com/advisories/21319
- http://secunia.com/advisories/21334
- http://secunia.com/advisories/21338
- http://secunia.com/advisories/21346
- http://secunia.com/advisories/21370
- http://secunia.com/advisories/21392
- http://secunia.com/advisories/21501
- http://secunia.com/advisories/21537
- http://secunia.com/advisories/21598
- http://secunia.com/advisories/21632
- http://secunia.com/advisories/22036
- http://secunia.com/advisories/27181
- http://secunia.com/advisories/27222
- http://secunia.com/advisories/27832
- http://secunia.com/blog/76
- http://securitytracker.com/id?1016628
- http://securitytracker.com/id?1016671
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
- http://www.debian.org/security/2006/dsa-1137
- http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
- http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
- http://www.osvdb.org/27723
- http://www.redhat.com/support/errata/RHSA-2006-0603.html
- http://www.redhat.com/support/errata/RHSA-2006-0648.html
- http://www.securityfocus.com/bid/19283
- http://www.securityfocus.com/bid/19289
- http://www.ubuntu.com/usn/usn-330-1
- http://www.us-cert.gov/cas/techalerts/TA06-214A.html
- http://www.vupen.com/english/advisories/2006/3101
- http://www.vupen.com/english/advisories/2006/3105
- http://www.vupen.com/english/advisories/2007/3486
- http://www.vupen.com/english/advisories/2007/4034
- https://issues.rpath.com/browse/RPL-558
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497