[Full-disclosure] UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SCO Security Advisory Subject:UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec Advisory number:SCOSA-2005.34 Issue date: 2005 September 20 Cross reference:sr894564 fz532775 erg712889 CAN-2005-1544 __ 1. Problem Description Tavis Ormandy has reported a vulnerability in libTIFF, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error and can be exploited to cause a buffer overflow via a specially crafted TIFF image containing a malformed BitsPerSample tag. Successful exploitation may allow execution of arbitrary code, if a malicious TIFF image is opened in an application linked against the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2005-1544 to this issue. 2. Vulnerable Supported Versions System Binaries -- UnixWare 7.1.4 Libtiff distribution 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34 4.2 Verification MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download tiff.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/tiff.pkg 5. References Specific references for this advisory: http://bugzilla.remotesensing.org/show_bug.cgi?id=843 http://xforce.iss.net/xforce/xfdb/20533 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544 http://secunia.com/advisories/15320 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr894564 fz532775 erg712889. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments The SCO Group would like to thank Travis Ormandy __ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (SCO/SYSV) iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw Gkiduk0ql3ar5iLEWYtpse0= =w5vg -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow!! Are they still around?? xyberpix On 20 Sep 2005, at 23:30, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SCO Security Advisory Subject:UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec Advisory number: SCOSA-2005.34 Issue date: 2005 September 20 Cross reference:sr894564 fz532775 erg712889 CAN-2005-1544 __ 1. Problem Description Tavis Ormandy has reported a vulnerability in libTIFF, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error and can be exploited to cause a buffer overflow via a specially crafted TIFF image containing a malformed BitsPerSample tag. Successful exploitation may allow execution of arbitrary code, if a malicious TIFF image is opened in an application linked against the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2005-1544 to this issue. 2. Vulnerable Supported Versions SystemBinaries -- UnixWare 7.1.4 Libtiff distribution 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34 4.2 Verification MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download tiff.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/tiff.pkg 5. References Specific references for this advisory: http://bugzilla.remotesensing.org/show_bug.cgi?id=843 http://xforce.iss.net/xforce/xfdb/20533 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544 http://secunia.com/advisories/15320 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr894564 fz532775 erg712889. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments The SCO Group would like to thank Travis Ormandy __ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (SCO/SYSV) iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw Gkiduk0ql3ar5iLEWYtpse0= =w5vg -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDMI9FcRMkOnlkwMERAogVAJ9iIcu5rcvOBUZwz07rKr7kCKFhXACfQ5sR HbqOOFF+stywNweLcAK9tWY= =KSpL -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec
Wow!! Are they still around?? Yeah, comical isn't it? They frequently release patches for 4-6 month old holes. They are kinda like the Microsoft[1] of the Unix/Linux world. tim 1. http://www.eeye.com/html/research/upcoming/index.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] UnixWare 7.1.4 : LibTIFF 3.72 malformed data code exec
Even more comical is how they STILL can't patch that old ftp server of theirs. SITE EXEC loves SCO. Honeypot or stupidity, you decide... [EMAIL PROTECTED]:~$ ftp ftpput.sco.com Connected to ftpput.sco.com. 220 artemis FTP server (Version 2.1WU(1)) ready. Name (ftpput.sco.com:kfinisterre): anonymous 331 Guest login ok, send e-mail address as password. -KF Tim wrote: Wow!! Are they still around?? Yeah, comical isn't it? They frequently release patches for 4-6 month old holes. They are kinda like the Microsoft[1] of the Unix/Linux world. tim 1. http://www.eeye.com/html/research/upcoming/index.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
