Details of VAR-200412-0902

ID

VAR-200412-0902

CVE

CVE-2004-1307

TITLE

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Trust: 0.8

sources: CERT/CC: VU#125598

DESCRIPTION

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. LibTIFF Library TIFFFetchStripThing() Perform memory allocation in functions CheckMalloc() An integer overflow vulnerability exists due to a flaw in the validation of the value passed to the function.LibTIFF Arbitrary code may be executed with the execution authority of the application that uses the library

Trust: 3.87

sources: NVD: CVE-2004-1307 // CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // JVNDB: JVNDB-2004-000574 // VULHUB: VHN-9737

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	7.0	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	10.0	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	8.0	Trust: 1.6
vendor:	avaya	model:	interactive response	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	*	Trust: 1.0
vendor:	sco	model:	unixware	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	avaya	model:	cvlan	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	interactive response	scope:	eq	version:	1.3	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	9.0	Trust: 1.0
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	1.1	Trust: 1.0
vendor:	sun	model:	solaris	scope:	eq	version:	9.0	Trust: 1.0
vendor:	avaya	model:	interactive response	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	8.0	Trust: 1.0
vendor:	avaya	model:	integrated management	scope:	eq	version:	*	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.6	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.6.0	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	avaya	model:	mn100	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.3	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.7	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	13.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	sgi	model:	propack	scope:	eq	version:	3.0	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.4	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.7.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.0
vendor:	sun	model:	sunos	scope:	eq	version:	5.8	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.8	Trust: 1.0
vendor:	gentoo	model:	linux	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	sun	model:	sunos	scope:	eq	version:	5.7	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	12.0	Trust: 1.0
vendor:	debian	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	freebsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (x86)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	linux advanced workstation	scope:	eq	version:	2.1	Trust: 0.8

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1307
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#125598
value:	7.75
Trust: 0.8
CARNEGIE MELLON:	VU#356070
value:	22.31
Trust: 0.8
CARNEGIE MELLON:	VU#539110
value:	5.04
Trust: 0.8
NVD:	CVE-2004-1307
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200412-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9737
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1307
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-9737
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000574

PATCH

title:	Security Update 2005-005	url:	http://docs.info.apple.com/article.html?artnum=301528	Trust: 0.8
title:	Security Update 2005-005	url:	http://docs.info.apple.com/jarticle.html?artnum=301528	Trust: 0.8
title:	RHSA-2004:577	url:	https://rhn.redhat.com/errata/RHSA-2004-577.html	Trust: 0.8
title:	101677	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1	Trust: 0.8
title:	RHSA-2004:577	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-577J.html	Trust: 0.8

sources: JVNDB: JVNDB-2004-000574

EXTERNAL IDS

db:	CERT/CC	id:	VU#539110	Trust: 3.3
db:	USCERT	id:	TA05-136A	Trust: 2.5
db:	NVD	id:	CVE-2004-1307	Trust: 2.5
db:	SECUNIA	id:	13607	Trust: 1.6
db:	SECUNIA	id:	15227	Trust: 1.6
db:	CERT/CC	id:	VU#125598	Trust: 0.8
db:	OSVDB	id:	16084	Trust: 0.8
db:	BID	id:	13502	Trust: 0.8
db:	CERT/CC	id:	VU#356070	Trust: 0.8
db:	SECTRACK	id:	1012651	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000574	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-081	Trust: 0.7
db:	CERT/CC	id:	TA05-136A	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:11175	Trust: 0.6
db:	SUNALERT	id:	101677	Trust: 0.6
db:	SUNALERT	id:	201072	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-05-03	Trust: 0.6
db:	IDEFENSE	id:	20041221 LIBTIFF STRIPOFFSETS INTEGER OVERFLOW VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-9737	Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

REFERENCES

url:	http://www.us-cert.gov/cas/techalerts/ta05-136a.html	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/539110	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2005/may/msg00001.html	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1	Trust: 1.7
url:	http://secunia.com/advisories/13607/	Trust: 1.6
url:	http://secunia.com/advisories/15227/	Trust: 1.6
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11175	Trust: 1.1
url:	http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities	Trust: 0.8
url:	http://docs.info.apple.com/article.html?artnum=301528	Trust: 0.8
url:	http://remahl.se/david/vuln/011/	Trust: 0.8
url:	http://www.securityfocus.com/bid/13502/	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=16084	Trust: 0.8
url:	http://securitytracker.com/alerts/2004/dec/1012651.html	Trust: 0.8
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1307	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2005/wr052001.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta05-136a/	Trust: 0.8
url:	http://jvn.jp/tr/trta05-136a/	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1307	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:11175	Trust: 0.6
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true	Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CREDITS

Discovery credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

SOURCES

db:	CERT/CC	id:	VU#125598
db:	CERT/CC	id:	VU#356070
db:	CERT/CC	id:	VU#539110
db:	VULHUB	id:	VHN-9737
db:	JVNDB	id:	JVNDB-2004-000574
db:	CNNVD	id:	CNNVD-200412-081
db:	NVD	id:	CVE-2004-1307

LAST UPDATE DATE

2024-11-23T21:23:44.479000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#125598	date:	2005-05-12T00:00:00
db:	CERT/CC	id:	VU#356070	date:	2005-05-16T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-08-23T00:00:00
db:	VULHUB	id:	VHN-9737	date:	2018-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2004-000574	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200412-081	date:	2009-02-05T00:00:00
db:	NVD	id:	CVE-2004-1307	date:	2018-10-30T16:26:22.763

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#125598	date:	2005-01-11T00:00:00
db:	CERT/CC	id:	VU#356070	date:	2005-05-06T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-01-20T00:00:00
db:	VULHUB	id:	VHN-9737	date:	2004-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2004-000574	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200412-081	date:	2004-12-21T00:00:00
db:	NVD	id:	CVE-2004-1307	date:	2004-12-21T05:00:00