SUSE-SA:2005:001: libtiff/tiff

critical Nessus Plugin ID 16305

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:001 (libtiff/tiff).


Libtiff supports reading, writing, and manipulating of TIFF image files.
iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards.

This bug can be used by external attackers to execute arbitrary code over the network by placing special image files on web-pages and alike.

Additionally a buffer overflow in tiffdump was fixed.

Solution

http://www.suse.de/security/advisories/2005_01_libtiff_tiff.html

Plugin Details

Severity: Critical

ID: 16305

File Name: suse_SA_2005_001.nasl

Version: 1.13

Agent: unix

Published: 2/3/2005

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2004-1183, CVE-2004-1308