The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103160 Security Vulnerabilities in libtiff(3) May Allow Denial of Service (DoS) or Privilege Elevation

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Multiple security vulnerabilities exist in the Tag Image File Format library (libtiff(3)), which may affect applications that use this library. Depending on the individual application, these vulnerabilities may allow a local or remote unprivileged user to cause a Denial of Service (DoS) to the application, or to execute arbitrary code with the privileges of the application.

These issues are described in the following documents:

Sun acknowledges, with thanks, Tavis Ormandy from the Google Security Team for reporting these issues.

Avoidance: Patch, Workaround
State: Workaround
First released: 28-Nov-2007

Comments ( 2 )
  • Paul Liong Sunday, December 2, 2007

    Hi All,

    May I know how to check if my Solaris 10 system is affected by these vulnerabilities?

    Thanks & Regards

  • Paul Roberts Monday, December 3, 2007


    This issue could potentially affect all Solaris systems with the libtiff libraries installed; check for the presence of the SUNWTiff package (use 'pkginfo SUNWTiff'). As libtiff is a shared library, any application on the machine could potentially be using the library and so could be affected by the issues. The ldd(1) command can help in determining if an application uses libtiff, however this isn't completely fool-proof, as the application might do something like dlopen(3C) the library etc.
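
The check described in the reply above, written out as a script. This is an added example, not part of the Sun Alert or of either comment. It assumes a POSIX shell (on Solaris 10, for instance ksh or bash); the function names and the `string-ref` heuristic for dlopen(3C) use are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): find binaries that reference libtiff.
# Assumes a POSIX shell; directories to scan are passed as arguments.

# The package check from the reply above: true if SUNWTiff is installed.
libtiff_pkg_installed() {
    pkginfo SUNWTiff >/dev/null 2>&1
}

# True if ldd output on stdin lists libtiff as a load-time dependency.
ldd_lists_libtiff() {
    grep 'libtiff\.so' >/dev/null 2>&1
}

# Print "linked" (ldd reports it), "string-ref" (library name embedded in
# the file, a hint of dlopen(3C) use that ldd cannot see) or "none".
classify_binary() {
    f=$1
    if ldd "$f" 2>/dev/null | ldd_lists_libtiff; then
        echo linked
    elif grep 'libtiff\.so' "$f" >/dev/null 2>&1; then
        echo string-ref
    else
        echo none
    fi
}

# Report every executable file under the given directories that references libtiff.
scan_dirs() {
    for d in "$@"; do
        find "$d" -type f -perm -100 -print 2>/dev/null |
        while read -r f; do
            r=$(classify_binary "$f")
            if [ "$r" != none ]; then echo "$r $f"; fi
        done
    done
}

if [ $# -gt 0 ]; then
    libtiff_pkg_installed || echo "SUNWTiff not reported by pkginfo" >&2
    scan_dirs "$@"
fi
```

A `none` result does not prove an application is unaffected: a program that builds the library name at run time, or loads it through another shared object, shows up in neither check.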
