Multiple Security Vulnerabilities in libtiff(3)


Category :Security
Release Phase :Resolved
Product :Solaris 9 Operating System
Solaris 10 Operating System
Solaris 7 Operating System
Solaris 8 Operating System  
Bug Id :6217996, 6203734, 6203747, 6203736  
Date of Workaround Release :25-APR-2005 
Date of Resolved Release :04-May-2009 


Impact

Multiple security vulnerabilities have been found in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user if that local user has loaded a TIFF image file (.tiff) supplied by an untrusted user. The remote user may be able to crash the TIFF image viewing program as well. The TIFF image files may be picked up in e-mail or from an untrusted web site.

These issues are described in the following documents:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 7 (OpenWindows) without patch 118953-02
  • Solaris 8 (CDE) without patch 109931-10
  • Solaris 9 (CDE) without patch 114219-11
  • Solaris 9 (with package SUNWTiff or SUNWTiffx)
  • Solaris 10 (with package SUNWTiff installed) without patch 119900-01

x86 Platform

  • Solaris 7 (OpenWindows) without patch 118954-02
  • Solaris 8 (CDE) without patch 109932-10
  • Solaris 9 (CDE) without patch 114220-11
  • Solaris 9 (with package SUNWTiff or SUNWTiffx)
  • Solaris 10 (with package SUNWTiff installed) without patch 119901-01

Note 1:

In Solaris 8 the libtiff(3) library may be installed in the following directories:

    /usr/openwin/lib (OpenWindows)
    /usr/dt/lib/sdtimage (CDE)

In Solaris 9 the libtiff(3) library may be installed in the following directories:

    /usr/sfw/lib(SUNWTiff)
    /usr/sfw/lib/sparcv9 (SUNWTiffx)
    /usr/openwin/lib(OpenWindows)
    /usr/dt/lib/sdtimage (CDE)

In Solaris 10 the libtiff(3) library may be installed in the following directories:

    /usr/lib 
    /usr/lib/sparcv9

Note 2:

Sun includes libtiff(3) on the Solaris Companion CD for Solaris 8 (http://wwws.sun.com/software/solaris/freeware/index.html) as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using libtiff from the Solaris Companion CD will have to upgrade to a later version.


Symptoms

There are no reliable symptoms that would show the described issues have been exploited.


Workaround

To work around the described issues, do not load TIFF images from untrusted sources.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 7 (OpenWindows) with patch 118953-02 or later
  • Solaris 8 (CDE) with patch 109931-10 or later
  • Solaris 9 (CDE) with patch 114219-11 or later
  • Solaris 10 (with package SUNWTiff installed) with patch 119900-01 or later

x86 Platform

  • Solaris 7 (OpenWindows) with patch 118954-02 or later
  • Solaris 8 (CDE) with patch 109932-10 or later
  • Solaris 9 (CDE) with patch 114220-11 or later
  • Solaris 10 (with package SUNWTiff installed) with patch 119901-01 or later

Note: This issue is not yet resolved in Solaris 9 (with package SUNWTiff or SUNWTiffx)

A final resolution is pending completion.




Modification History

04-May-2009: No further updates will be made to this document


06-JUL-2005: Updated Contributing Factors and Resolution sections
29-AUG-2005: Updated Contributing Factors and Resolution sections
26-OCT-2005: Updated Impact section


Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 201072
Article Type : Sun Alert
Last reviewed : 2009-05-04
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
About Oracle | Oracle and Sun | Oracle RSS Feeds | Subscribe | Careers | Contact Us | Site Maps | Legal Notices | Terms of Use | Your Privacy Rights | Copyright © 2010, Oracle Corporation and/or its affiliates | SunSolve Version 7.4.2 #1