Note: This is an archival copy of Security Sun Alert 201332 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001006.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3)
Multiple security vulnerabilities in the Solaris Tag Image File Format library (libtiff(3)) may allow a local or remote unprivileged user to crash applications that dynamically link to the "libtiff" library and execute arbitrary code with the privileges of a local user. The ability to crash an application that links to the "libtiff" library is a type of Denial of Service (DoS). Solaris ships several applications as part of the GNOME Desktop Environment that dynamically link with the "libtiff" library.
These issues are described in the following documents:
CVE-2006-2024 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
CVE-2006-2025 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
CVE-2006-2026 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
Sun acknowledges with thanks, Tavis Ormandy from the Google Security Team for bringing these issues to our attention.
2. Contributing Factors
These issues can occur in the following releases:
There are no predictable symptoms that would indicate these issues have been exploited to cause a Denial of Service or execute arbitrary code with the privileges of a local user.
The stack overflow security issues referenced in this document may be worked around by using the "noexec_user_stack" option. This can be achieved by editing the "/etc/system" file and adding the following lines:
set noexec_user_stack = 1Note: A reboot will be necessary in order for this change to take effect. See system(4) for more information on modifying the "/etc/system" file.
To workaround the remaining issues described in this document, do not load images from untrusted sources.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
12-Nov-2007: Updated Impact section for corrected CVE references
29-Nov-2007: Updated Contributing Factors and Resolution sections
03-Sep-2008: Updated Contributing Factors and Resolution sections; now Resolved
This solution has no attachment