Network Security: Detailed info on Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Ov

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Ov

from [Marcus Meissner] Network Security

[Permanent Link]

Subject:	Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
Date:	Mon, 27 Dec 2004 11:37:02 +0100

On Tue, Dec 21, 2004 at 05:09:30PM -0500, customer service mailbox wrote:

libtiff STRIPOFFSETS Integer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=173&type=vulnerabilities
December 21, 2004

....

The overflow occurs in the parsing of TIFF files set with the 
STRIPOFFSETS flag in libtiff/tif_dirread.c. In the TIFFFetchStripThing()

function, the number of strips (nstrips) is used directly in a 
CheckMalloc() routine without sanity checking. The call ultimately boils
      
      - SuSE Linux


This problem had already been fixed in SUSE Linux with the last libtiff
update:
        http://www.novell.com/linux/security/advisories/2004_38_libtiff.html

Ciao, Marcus

pgpUISjxNTDPn.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, customer service mailbox Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Dmitry V. Levin Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Moritz Muehlenhoff Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Marcus Meissner <=

Previous by Date:	[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included, Hat-Squad Security Team
Next by Date:	Netcat v1.11 For Windows , New fixed version, Hat-Squad Security Team
Previous by Thread:	Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Moritz Muehlenhoff
Next by Thread:	iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability, customer service mailbox
Indexes:	[Date] [Thread] [Top] [All Lists]