Details of VAR-200412-0902

ID

VAR-200412-0902

CVE

CVE-2004-1307

TITLE

Apple Terminal fails to properly sanitize input for "x-man-page" URI

Trust: 0.8

sources: CERT/CC: VU#356070

DESCRIPTION

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. LibTIFF Library TIFFFetchStripThing() Perform memory allocation in functions CheckMalloc() An integer overflow vulnerability exists due to a flaw in the validation of the value passed to the function.LibTIFF Arbitrary code may be executed with the execution authority of the application that uses the library

Trust: 3.87

sources: NVD: CVE-2004-1307 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#331694 // JVNDB: JVNDB-2004-000574 // VULHUB: VHN-9737

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	sun	model:	solaris	scope:	eq	version:	7.0	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	10.0	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	8.0	Trust: 1.6
vendor:	avaya	model:	interactive response	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	*	Trust: 1.0
vendor:	sco	model:	unixware	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	avaya	model:	cvlan	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	interactive response	scope:	eq	version:	1.3	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	9.0	Trust: 1.0
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	1.1	Trust: 1.0
vendor:	sun	model:	solaris	scope:	eq	version:	9.0	Trust: 1.0
vendor:	avaya	model:	interactive response	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	8.0	Trust: 1.0
vendor:	avaya	model:	integrated management	scope:	eq	version:	*	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.6	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.6.0	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	avaya	model:	mn100	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.3	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.7	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	13.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	sgi	model:	propack	scope:	eq	version:	3.0	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.4	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.7.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.0
vendor:	sun	model:	sunos	scope:	eq	version:	5.8	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.8	Trust: 1.0
vendor:	gentoo	model:	linux	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	sun	model:	sunos	scope:	eq	version:	5.7	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	f5	model:	icontrol service manager	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	avaya	model:	call management system server	scope:	eq	version:	12.0	Trust: 1.0
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (x86)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	linux advanced workstation	scope:	eq	version:	2.1	Trust: 0.8

sources: CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#331694 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1307
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#356070
value:	22.31
Trust: 0.8
CARNEGIE MELLON:	VU#539110
value:	5.04
Trust: 0.8
CARNEGIE MELLON:	VU#331694
value:	15.94
Trust: 0.8
NVD:	CVE-2004-1307
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200412-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9737
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1307
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-9737
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#331694 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000574

PATCH

title:	Security Update 2005-005	url:	http://docs.info.apple.com/article.html?artnum=301528	Trust: 0.8
title:	Security Update 2005-005	url:	http://docs.info.apple.com/jarticle.html?artnum=301528	Trust: 0.8
title:	RHSA-2004:577	url:	https://rhn.redhat.com/errata/RHSA-2004-577.html	Trust: 0.8
title:	101677	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1	Trust: 0.8
title:	RHSA-2004:577	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-577J.html	Trust: 0.8

sources: JVNDB: JVNDB-2004-000574

EXTERNAL IDS

db:	CERT/CC	id:	VU#539110	Trust: 3.3
db:	USCERT	id:	TA05-136A	Trust: 2.5
db:	NVD	id:	CVE-2004-1307	Trust: 2.5
db:	SECUNIA	id:	15227	Trust: 2.4
db:	OSVDB	id:	16084	Trust: 0.8
db:	BID	id:	13502	Trust: 0.8
db:	CERT/CC	id:	VU#356070	Trust: 0.8
db:	SECTRACK	id:	1012651	Trust: 0.8
db:	SECUNIA	id:	13607	Trust: 0.8
db:	OSVDB	id:	16075	Trust: 0.8
db:	XF	id:	20376	Trust: 0.8
db:	CERT/CC	id:	VU#331694	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000574	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-081	Trust: 0.7
db:	CERT/CC	id:	TA05-136A	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:11175	Trust: 0.6
db:	SUNALERT	id:	101677	Trust: 0.6
db:	SUNALERT	id:	201072	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-05-03	Trust: 0.6
db:	IDEFENSE	id:	20041221 LIBTIFF STRIPOFFSETS INTEGER OVERFLOW VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-9737	Trust: 0.1

sources: CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#331694 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

REFERENCES

url:	http://www.us-cert.gov/cas/techalerts/ta05-136a.html	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/539110	Trust: 2.5
url:	http://secunia.com/advisories/15227/	Trust: 2.4
url:	http://lists.apple.com/archives/security-announce/2005/may/msg00001.html	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301528	Trust: 1.6
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11175	Trust: 1.1
url:	http://remahl.se/david/vuln/011/	Trust: 0.8
url:	http://www.securityfocus.com/bid/13502/	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=16084	Trust: 0.8
url:	http://securitytracker.com/alerts/2004/dec/1012651.html	Trust: 0.8
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities	Trust: 0.8
url:	http://secunia.com/advisories/13607/	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/20376	Trust: 0.8
url:	http://www.apple.com/server/macosx/	Trust: 0.8
url:	http://www.osvdb.org/16075	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1307	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2005/wr052001.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta05-136a/	Trust: 0.8
url:	http://jvn.jp/tr/trta05-136a/	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1307	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:11175	Trust: 0.6
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true	Trust: 0.1

sources: CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#331694 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CREDITS

Discovery credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

SOURCES

db:	CERT/CC	id:	VU#356070
db:	CERT/CC	id:	VU#539110
db:	CERT/CC	id:	VU#331694
db:	VULHUB	id:	VHN-9737
db:	JVNDB	id:	JVNDB-2004-000574
db:	CNNVD	id:	CNNVD-200412-081
db:	NVD	id:	CVE-2004-1307

LAST UPDATE DATE

2025-02-20T20:54:45.877000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#356070	date:	2005-05-16T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-08-23T00:00:00
db:	CERT/CC	id:	VU#331694	date:	2005-05-25T00:00:00
db:	VULHUB	id:	VHN-9737	date:	2018-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2004-000574	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200412-081	date:	2009-02-05T00:00:00
db:	NVD	id:	CVE-2004-1307	date:	2018-10-30T16:26:22.763

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#356070	date:	2005-05-06T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-01-20T00:00:00
db:	CERT/CC	id:	VU#331694	date:	2005-05-16T00:00:00
db:	VULHUB	id:	VHN-9737	date:	2004-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2004-000574	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200412-081	date:	2004-12-21T00:00:00
db:	NVD	id:	CVE-2004-1307	date:	2004-12-21T05:00:00