Vulnerabilities > CVE-2008-0553 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TCL TK TCL TK

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
tcl-tk
CWE-119
nessus
NVD
Published: 2008-02-07
Updated: 2018-10-15

Summary

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

Vulnerable Configurations

Part Description Count
Application
Tcl_Tk
69

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0134.NASL
    descriptionUpdated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31139
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31139
    titleCentOS 3 : tcltk (CESA-2008:0134)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-664-1.NASL
    descriptionIt was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37631
    published2009-04-23
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37631
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS : tk8.0, tk8.3, tk8.4 vulnerability (USN-664-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0134.NASL
    descriptionUpdated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31160
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31160
    titleRHEL 2.1 / 3 : tcltk (RHSA-2008:0134)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0136.NASL
    descriptionUpdated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31141
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31141
    titleCentOS 5 : tk (CESA-2008:0136)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0136.NASL
    descriptionFrom Red Hat Security Advisory 2008:0136 : Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id67655
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67655
    titleOracle Linux 5 : tk (ELSA-2008-0136)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1323.NASL
    description - Tue Feb 5 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-3 - fix #431529 gif overflow in tk (see also #431518) - Fri Jan 4 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-2 - add relevant parts of debian patch - add patch for #235666 - Wed Jan 2 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-1 - version upgrade - fix #210718 SIGSEGV on exit from texdoctk - fix #234404 Cannot manage big listboxes - fix #235666 Segfault occurs when using Perl-Tk on FC6 - Wed Dec 19 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.027-13 - fix BR Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30238
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30238
    titleFedora 8 : perl-Tk-804.028-3.fc8 (2008-1323)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1384.NASL
    description - Tue Feb 5 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-3 - fix #431529 gif overflow in tk (see also #431518) - Fri Jan 4 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-2 - add relevant parts of debian patch - add patch for #235666 - Wed Jan 2 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.028-1 - version upgrade - fix #210718 SIGSEGV on exit from texdoctk - fix #234404 Cannot manage big listboxes - fix #235666 Segfault occurs when using Perl-Tk on FC6 - Wed Dec 19 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.027-13 - fix BR - Wed Aug 22 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 804.027-12 - rebuild for buildid Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30239
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30239
    titleFedora 7 : perl-Tk-804.028-3.fc7 (2008-1384)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0135.NASL
    descriptionFrom Red Hat Security Advisory 2008:0135 : Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 22 February 2008] The packages in this errata were originally pushed to the wrong Red Hat Network channels and were not available to all users. We have updated this errata with the correct channels. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id67654
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67654
    titleOracle Linux 4 : tk (ELSA-2008-0135)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-529-1.NASL
    descriptionIt was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28134
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28134
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : tk8.3, tk8.4 vulnerability (USN-529-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TKIMG-5320.NASL
    descriptionThis update fixes two vulnerabilities while parsing GIF images. (CVE-2008-0553, CVE-2006-4484)
    last seen2020-06-01
    modified2020-06-02
    plugin id33122
    published2008-06-09
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33122
    titleopenSUSE 10 Security Update : tkimg (tkimg-5320)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12071.NASL
    descriptionSpecially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code. (CVE-2008-0553)
    last seen2020-06-01
    modified2020-06-02
    plugin id41195
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41195
    titleSuSE9 Security Update : Tk (YOU Patch Number 12071)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TKIMG-5328.NASL
    descriptionThis update fixes two vulnerabilities while parsing GIF images. (CVE-2008-0553, CVE-2006-4484)
    last seen2020-06-01
    modified2020-06-02
    plugin id33123
    published2008-06-09
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33123
    titleopenSUSE 10 Security Update : tkimg (tkimg-5328)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0135.NASL
    descriptionUpdated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 22 February 2008] The packages in this errata were originally pushed to the wrong Red Hat Network channels and were not available to all users. We have updated this errata with the correct channels. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31161
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31161
    titleRHEL 4 : tk (RHSA-2008:0135)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0134.NASL
    descriptionFrom Red Hat Security Advisory 2008:0134 : Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id67653
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67653
    titleOracle Linux 3 : tcltk (ELSA-2008-0134)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-200.NASL
    descriptionA vulnerability in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27519
    published2007-10-19
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27519
    titleMandrake Linux Security Advisory : tk (MDKSA-2007:200)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1491.NASL
    descriptionIt was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id30230
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30230
    titleDebian DSA-1491-1 : tk8.4 - buffer overflow
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0136.NASL
    descriptionUpdated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31162
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31162
    titleRHEL 5 : tk (RHSA-2008:0136)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-041.NASL
    descriptionThe ReadImage() function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36297
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36297
    titleMandriva Linux Security Advisory : tk (MDVSA-2008:041)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1122.NASL
    descriptionThe new version of tk, which brings some bug fixes f.e. better functionality on 64bits. Fixed security issue - buffer overflow in gif parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30234
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30234
    titleFedora 8 : tk-8.4.17-2.fc8 (2008-1122)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1131.NASL
    descriptionFixed security issue - buffer overflow in gif parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30235
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30235
    titleFedora 7 : tk-8.4.13-7.fc7 (2008-1131)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79961
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79961
    titleGLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1416.NASL
    descriptionIt was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code. Due to the technical limitation in the Debian archive scripts the update for the old stable distribution (sarge) cannot be released in sync with the update for the stable distribution. It will be provided in the next days.
    last seen2020-06-01
    modified2020-06-02
    plugin id28339
    published2007-11-29
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28339
    titleDebian DSA-1416-1 : tk8.3 - buffer overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3621.NASL
    description - Mon May 5 2008 Sergio Pascual <sergiopr at fedoraproject.org> - 1.3-0.10.20080505svn - New upstream source - Including fooConfig.sh files in -devel - Making symlinks of shared libraries in libdir - Removing file in ld.so.conf.d - Fixing bug #444872 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32328
    published2008-05-16
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32328
    titleFedora 9 : tkimg-1.3-0.10.20080505svn.fc9 (2008-3621)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080221_TCLTK_ON_SL3_X.NASL
    descriptionAn input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id60362
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60362
    titleScientific Linux Security Update : tcltk on SL3.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080221_TK_ON_SL4_X.NASL
    descriptionAn input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id60363
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60363
    titleScientific Linux Security Update : tk on SL4.x, SL5.x i386/x86_64
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0009.NASL
    descriptiona. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id40378
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40378
    titleVMSA-2008-0009 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TK-4973.NASL
    descriptionSpecially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code (CVE-2008-0553).
    last seen2020-06-01
    modified2020-06-02
    plugin id31846
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31846
    titleopenSUSE 10 Security Update : tk (tk-4973)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0135.NASL
    descriptionUpdated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 22 February 2008] The packages in this errata were originally pushed to the wrong Red Hat Network channels and were not available to all users. We have updated this errata with the correct channels. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk
    last seen2020-06-01
    modified2020-06-02
    plugin id31140
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31140
    titleCentOS 4 : tk (CESA-2008:0135)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1490.NASL
    descriptionIt was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id30229
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30229
    titleDebian DSA-1490-1 : tk8.3 - buffer overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3545.NASL
    description - Bug #431518 - CVE-2008-0553 tk: GIF handling buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32205
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32205
    titleFedora 7 : tkimg-1.3-0.8.20080505svn.fc7 (2008-3545)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1598.NASL
    descriptionIt was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id33230
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33230
    titleDebian DSA-1598-1 : libtk-img - buffer overflow
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1415.NASL
    descriptionIt was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id28338
    published2007-11-29
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28338
    titleDebian DSA-1415-1 : tk8.4 - buffer overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TK-4974.NASL
    descriptionSpecially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code. (CVE-2008-0553)
    last seen2020-06-01
    modified2020-06-02
    plugin id31847
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31847
    titleSuSE 10 Security Update : Tk (ZYPP Patch Number 4974)

Oval

accepted2013-04-29T04:01:36.310-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionStack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
familyunix
idoval:org.mitre.oval:def:10098
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleStack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
version27

Redhat

advisories
  • bugzilla
    id431518
    titleCVE-2008-0553 tk: GIF handling buffer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenttk-devel is earlier than 0:8.4.7-3.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20080135001
          • commenttk-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20080135002
        • AND
          • commenttk is earlier than 0:8.4.7-3.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20080135003
          • commenttk is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20080135004
    rhsa
    idRHSA-2008:0135
    released2008-02-22
    severityModerate
    titleRHSA-2008:0135: tk security update (Moderate)
  • bugzilla
    id431518
    titleCVE-2008-0553 tk: GIF handling buffer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttk is earlier than 0:8.4.13-5.el5_1.1
            ovaloval:com.redhat.rhsa:tst:20080136001
          • commenttk is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080136002
        • AND
          • commenttk-devel is earlier than 0:8.4.13-5.el5_1.1
            ovaloval:com.redhat.rhsa:tst:20080136003
          • commenttk-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080136004
    rhsa
    idRHSA-2008:0136
    released2008-02-21
    severityModerate
    titleRHSA-2008:0136: tk security update (Moderate)
  • rhsa
    idRHSA-2008:0134
rpms
  • expect-0:5.38.0-75
  • expect-0:5.38.0-92.8
  • expect-devel-0:5.38.0-92.8
  • itcl-0:3.2-75
  • itcl-0:3.2-92.8
  • tcl-0:8.3.3-75
  • tcl-0:8.3.5-92.8
  • tcl-devel-0:8.3.5-92.8
  • tcllib-0:1.0-75
  • tcltk-debuginfo-0:8.3.5-92.8
  • tclx-0:8.3-75
  • tclx-0:8.3-92.8
  • tix-0:8.2.0b1-75
  • tix-1:8.1.4-92.8
  • tk-0:8.3.3-75
  • tk-0:8.3.5-92.8
  • tk-devel-0:8.3.5-92.8
  • tk-0:8.4.7-3.el4_6.1
  • tk-debuginfo-0:8.4.7-3.el4_6.1
  • tk-devel-0:8.4.7-3.el4_6.1
  • tk-0:8.4.13-5.el5_1.1
  • tk-debuginfo-0:8.4.13-5.el5_1.1
  • tk-devel-0:8.4.13-5.el5_1.1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 27655 CVE(CAN) ID: CVE-2008-0553 Tcl是一种简明,高效,可移植的编程语言。 在Tcl的Tk工具包中,tkImgGIF.c文件的ReadImage()函数没有正确地验证从GIF图形中所读取的initialCodeSize值。如果用户受骗打开了恶意的GIF图形文件的话,就可能触发栈溢出,导致执行任意指令。 John Ousterhout Tcl &lt; 8.5.1 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1491-1)以及相应补丁: DSA-1491-1:New tk8.4 packages fix arbitrary code execution 链接:<a href=http://www.debian.org/security/2008/dsa-1491 target=_blank>http://www.debian.org/security/2008/dsa-1491</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz</a> Size/MD5 checksum: 3266500 1b64258abaf258e9a86f331d8de17a71 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.diff.gz</a> Size/MD5 checksum: 19342 41a2a5bc9b62ecb6bbae8ef6bf9cc23d <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc</a> Size/MD5 checksum: 672 591b8bd996be45daee43dcb0cd1f8815 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge2_all.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge2_all.deb</a> Size/MD5 checksum: 775312 89ad74c73bdfed9b2811a05a08b5fe92 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_alpha.deb</a> Size/MD5 checksum: 940460 5118b63aafb55fd885d6360361e39e7c <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_alpha.deb</a> Size/MD5 checksum: 1031446 68fefac513706a03f7c7fb7fcd04d9b9 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_amd64.deb</a> Size/MD5 checksum: 810124 632854f78763d41d1b9d65b5da1b2909 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_amd64.deb</a> Size/MD5 checksum: 976424 21a43a779b8ed88bc57a37b779380caa arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_arm.deb</a> Size/MD5 checksum: 823992 161c57a5130d0be1a0538531b33b344c <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_arm.deb</a> Size/MD5 checksum: 945242 357bd0c48a6582112b2266d4e816e3e7 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_hppa.deb</a> Size/MD5 checksum: 912888 10d8447e4958053c0c6526e4da09e0fb <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_hppa.deb</a> Size/MD5 checksum: 1046614 3c2f17f53f9556f47c953d96495c4a40 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_i386.deb</a> Size/MD5 checksum: 956188 e5622c965da1e8d140f2e4f200133d00 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_i386.deb</a> Size/MD5 checksum: 793374 1c69c159005de29b0972924005776eb8 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_ia64.deb</a> Size/MD5 checksum: 1053448 3d8a54d72c65db72771171b86a4a12fa <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_ia64.deb</a> Size/MD5 checksum: 1182510 050234d3ee71b5aca66e9a743804239c m68k architecture (Motorola Mc680x0) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_m68k.deb</a> Size/MD5 checksum: 696458 35db6210d983f12250e0970c17b2e31b <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_m68k.deb</a> Size/MD5 checksum: 909280 9c61aac16b366c5c05eedb2022e72ed6 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mips.deb</a> Size/MD5 checksum: 838884 f4509833e2022ff4c9251526697db137 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mips.deb</a> Size/MD5 checksum: 974098 ebedb583012e093aafeeb2185ddd20cf mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mipsel.deb</a> Size/MD5 checksum: 834690 6dadf0e560251c7c3374e7084e8da83b <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mipsel.deb</a> Size/MD5 checksum: 972004 d66acaffd44af8463f74710a7601fefd powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_powerpc.deb</a> Size/MD5 checksum: 972350 f4a9e8bf74f42b25c34db8f1568c9d8d <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_powerpc.deb</a> Size/MD5 checksum: 810052 e9701b9dca60a3fdd84c46c1f555dd83 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_s390.deb</a> Size/MD5 checksum: 807464 d4d73b1478eae680b2003fdec6f4ceb3 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_s390.deb</a> Size/MD5 checksum: 979890 8bfb0cc0fd20a4b0d8487df2e692add8 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_sparc.deb</a> Size/MD5 checksum: 958298 31f02fcdbb4063289c50e3e92cef6378 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_sparc.deb</a> Size/MD5 checksum: 806214 3cb0e95afa875185fe457ef7d317f9db Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.dsc target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.dsc</a> Size/MD5 checksum: 673 8a67dd58d45ad9c4705102a2de8d6987 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz</a> Size/MD5 checksum: 3245547 316491cb82d898b434842353aed1f0d6 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.diff.gz</a> Size/MD5 checksum: 21747 77aa57e251bf839048c9048af5ba20ad Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch2_all.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch2_all.deb</a> Size/MD5 checksum: 788438 d8614ab0eeaea332d7f85b7635093c98 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_alpha.deb</a> Size/MD5 checksum: 968030 3fc751321940ad0bbc2322e48b6e8339 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_alpha.deb</a> Size/MD5 checksum: 1050864 c3dc809a22c8690810ef707a52f8b1fe amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_amd64.deb</a> Size/MD5 checksum: 1008902 80d89dcf9bc8d600269584bbe2f28e91 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_amd64.deb</a> Size/MD5 checksum: 839362 58db7235b1da2ea5e3ee391f8224c5f3 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_arm.deb</a> Size/MD5 checksum: 793906 375b065e080b63584ab7ee902d4e70e0 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_arm.deb</a> Size/MD5 checksum: 971658 226561f98ba563d0903a60f1f694fef7 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_hppa.deb</a> Size/MD5 checksum: 1073442 46ecf3cef8d61feba191f9c9d3f5cc2e <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_hppa.deb</a> Size/MD5 checksum: 931724 00de88d90abc1ec6424b5d0addf6b1c4 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_i386.deb</a> Size/MD5 checksum: 977632 015be44e613a751af013c706c0b87ab2 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_i386.deb</a> Size/MD5 checksum: 820786 586b4a3739f1c4f658e13e70f851d57c ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_ia64.deb</a> Size/MD5 checksum: 1136290 b98650c6ecab03b0fee872e1907411c5 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_ia64.deb</a> Size/MD5 checksum: 1259618 d69ea6067cdb6528be0cd686b5c00696 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mips.deb</a> Size/MD5 checksum: 877896 cf9a61ae0049a26815e56ab2ab02dd87 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mips.deb</a> Size/MD5 checksum: 1000308 149a697aa365874121d524b5f6614d50 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mipsel.deb</a> Size/MD5 checksum: 999208 4d12b599580d276d09b940defe2456da <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mipsel.deb</a> Size/MD5 checksum: 875858 4beeaf45a820b04da0d488246d518c79 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_powerpc.deb</a> Size/MD5 checksum: 998938 49b55bf5805216d61f976585c8528b14 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_powerpc.deb</a> Size/MD5 checksum: 807072 a68c5a00c1d17b0f8070b70f91edca11 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_s390.deb</a> Size/MD5 checksum: 1016866 020ee08295df231dba7100d68f4306b1 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_s390.deb</a> Size/MD5 checksum: 847188 6bfb7c319ef6bf4a1cff60a291b32cca sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_sparc.deb</a> Size/MD5 checksum: 978996 16b0c114b0feb65c39b7d453b294a348 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_sparc.deb</a> Size/MD5 checksum: 826650 baaac055088de0ea43775911f1d6c009 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0136-01)以及相应补丁: RHSA-2008:0136-01:Moderate: tk security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0136.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0136.html</a> John Ousterhout --------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.tcl.tk/software/tcltk/download.html target=_blank>http://www.tcl.tk/software/tcltk/download.html</a>
idSSV:3474
last seen2017-11-19
modified2008-06-25
published2008-06-25
reporterRoot
titleTCL/TK Tk工具包ReadImage()函数GIF文件解析栈溢出漏洞

References