- Sun Alert ID: 101677 (formerly 57769)
- Synopsis: Multiple Security Vulnerabilities in libtiff(3)
- Category: Security
- Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 7 Operating System, Solaris 8 Operating System
- BugIDs: 6217996, 6203734, 6203747, 6203736
- Avoidance: Patch, Workaround
- State: Workaround
- Date Released: 25-Apr-2005
- Date Closed:
- Date Modified: 06-Jul-2005, 29-Aug-2005, 26-Oct-2005
1. Impact
Multiple security vulnerabilities have been found in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user if that local user has loaded a TIFF image file (.tiff) supplied by an untrusted user. The remote user may be able to crash the TIFF image viewing program as well. The TIFF image files may be picked up in e-mail or from an untrusted web site.
These issues are described in the following documents:
- CERT Vulnerability VU#948752 (see: http://www.kb.cert.org/vuls/id/948752) which is referenced in CAN-2004-0803 (see: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803)
- CERT Vulnerability VU#555304 (see: http://www.kb.cert.org/vuls/id/555304) which is referenced in CAN-2004-0804 (see: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804)
- CERT Vulnerability VU#687568 (See: http://www.kb.cert.org/vuls/id/687568) which is referenced in CAN-2004-0886 (see: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886)
- CERT Vulnerability VU#125598 (see: http://www.kb.cert.org/vuls/id/125598) which is referenced in CAN-2004-1308 (see: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308)
- CERT Vulnerability VU#539110 (see: http://www.kb.cert.org/vuls/id/539110) which is referenced in CAN-2004-1307 (see: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1307)
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Solaris 7 (OpenWindows) without patch 118953-02
- Solaris 8 (CDE) without patch 109931-10
- Solaris 9 (CDE) without patch 114219-11
- Solaris 9 (with package SUNWTiff or SUNWTiffx)
- Solaris 10 (with package SUNWTiff installed) without patch 119900-01
x86 Platform
- Solaris 7 (OpenWindows) without patch 118954-02
- Solaris 8 (CDE) without patch 109932-10
- Solaris 9 (CDE) without patch 114220-11
- Solaris 9 (with package SUNWTiff or SUNWTiffx)
- Solaris 10 (with package SUNWTiff installed) without patch 119901-01
Note 1:
In Solaris 8 the libtiff(3) library may be installed in the following directories:
/usr/openwin/lib (OpenWindows)
/usr/dt/lib/sdtimage (CDE)
In Solaris 9 the libtiff(3) library may be installed in the following directories:
/usr/sfw/lib(SUNWTiff)
/usr/sfw/lib/sparcv9 (SUNWTiffx)
/usr/openwin/lib(OpenWindows)
/usr/dt/lib/sdtimage (CDE)
In Solaris 10 the libtiff(3) library may be installed in the following directories:
/usr/lib
/usr/lib/sparcv9
Note 2:
Sun includes libtiff(3) on the Solaris Companion CD for Solaris 8 (http://wwws.sun.com/software/solaris/freeware/index.html) as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using libtiff from the Solaris Companion CD will have to upgrade to a later version.
3. Symptoms
There are no reliable symptoms that would show the described issues have been exploited.
| Solution Summary | Top |
4. Relief/Workaround
To work around the described issues, do not load TIFF images from untrusted sources.
5. Resolution
These issues are addressed in the following releases:
SPARC Platform
- Solaris 7 (OpenWindows) with patch 118953-02 or later
- Solaris 8 (CDE) with patch 109931-10 or later
- Solaris 9 (CDE) with patch 114219-11 or later
- Solaris 10 (with package SUNWTiff installed) with patch 119900-01 or later
x86 Platform
- Solaris 7 (OpenWindows) with patch 118954-02 or later
- Solaris 8 (CDE) with patch 109932-10 or later
- Solaris 9 (CDE) with patch 114220-11 or later
- Solaris 10 (with package SUNWTiff installed) with patch 119901-01 or later
Note: This issue is not yet resolved in Solaris 9 (with package SUNWTiff or SUNWTiffx)
A final resolution is pending completion.
Change History
- Updated Contributing Factors and Resolution sections
- Updated Contributing Factors and Resolution sections
- Updated Impact section
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.
Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Sun Contracted Content
Sun Contracted Feature
