UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec

[please_reply_to_security () sco com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec
Advisory number:        SCOSA-2005.34
Issue date:             2005 September 20
Cross reference:        sr894564 fz532775 erg712889 CAN-2005-1544
______________________________________________________________________________


1. Problem Description

        Tavis Ormandy has reported a vulnerability in libTIFF, which
        potentially can be exploited by malicious people to compromise
        a vulnerable system. 
        
        The vulnerability is caused due to a boundary error and can 
        be exploited to cause a buffer overflow via a specially crafted 
        TIFF image containing a malformed BitsPerSample tag. 
        
        Successful exploitation may allow execution of arbitrary code, 
        if a malicious TIFF image is opened in an application linked 
        against the vulnerable library. 
        
        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the following name CAN-2005-1544 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  Libtiff distribution

3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34

        4.2 Verification

        MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download tiff.pkg to the /var/spool/pkg directory

        # pkgadd -d /var/spool/pkg/tiff.pkg


5. References

        Specific references for this advisory:
                http://bugzilla.remotesensing.org/show_bug.cgi?id=843 
                http://xforce.iss.net/xforce/xfdb/20533 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544 
                http://secunia.com/advisories/15320

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr894564 fz532775
        erg712889.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        The SCO Group would like to thank Travis Ormandy

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)

iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw
Gkiduk0ql3ar5iLEWYtpse0=
=w5vg
-----END PGP SIGNATURE-----