Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3) |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
|
| Bug Id : | 6412202
|
| Date of Workaround Release : | 11-OCT-2007
|
| Date of Resolved Release : | 03-Sep-2008
|
Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3)
1. Impact
Multiple security
vulnerabilities in the Solaris Tag Image File Format library
(libtiff(3)) may allow a local or remote unprivileged user to crash
applications that dynamically link to the "libtiff" library and execute
arbitrary code with the privileges of a local user. The ability to
crash an application that links to the "libtiff" library is a type of
Denial of Service (DoS). Solaris ships several applications as part of
the GNOME Desktop Environment that dynamically link with the "libtiff"
library.
These issues are described in the following documents:
CVE-2006-2024 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
CVE-2006-2025 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
CVE-2006-2026 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
Sun acknowledges with thanks, Tavis Ormandy from the Google Security Team for bringing these issues to our attention.
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform
x86 Platform
3. Symptoms
There are no predictable
symptoms that would indicate these issues have been exploited to cause
a Denial of Service or execute arbitrary code with the privileges of a
local user.
4. Workaround
The stack overflow security
issues referenced in this document may be worked around by using the
"noexec_user_stack" option. This can be achieved by editing the
"/etc/system" file and adding the following lines:
set noexec_user_stack = 1
set noexec_user_stack_log = 1
Note: A reboot will be
necessary in order for this change to take effect. See system(4) for
more information on modifying the "/etc/system" file.
To workaround the remaining issues described in this document, do not load images from untrusted sources.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
For more information
on Security Sun Alerts, see Technical
Instruction
ID 213557.
This Sun Alert
notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems,
Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.Modification History12-Nov-2007: Updated Impact section for corrected CVE references
29-Nov-2007: Updated Contributing Factors and Resolution sections
03-Sep-2008: Updated Contributing Factors and Resolution sections; now Resolved
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
