-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec Advisory number: SCOSA-2005.34 Issue date: 2005 September 20 Cross reference: sr894564 fz532775 erg712889 CAN-2005-1544 ______________________________________________________________________________ 1. Problem Description Tavis Ormandy has reported a vulnerability in libTIFF, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error and can be exploited to cause a buffer overflow via a specially crafted TIFF image containing a malformed BitsPerSample tag. Successful exploitation may allow execution of arbitrary code, if a malicious TIFF image is opened in an application linked against the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2005-1544 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 Libtiff distribution 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34 4.2 Verification MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download tiff.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/tiff.pkg 5. References Specific references for this advisory: http://bugzilla.remotesensing.org/show_bug.cgi?id=843 http://xforce.iss.net/xforce/xfdb/20533 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544 http://secunia.com/advisories/15320 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr894564 fz532775 erg712889. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments The SCO Group would like to thank Travis Ormandy ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (SCO/SYSV) iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw Gkiduk0ql3ar5iLEWYtpse0= =w5vg -----END PGP SIGNATURE-----