Note: This is an archival copy of Security Sun Alert 237465 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019237.1.
Date of Resolved Release
Security Vulnerabilities in the Tcl GUI Toolkit Library may lead to arbitrary code execution or Denial of Service (DoS)
Multiple security vulnerabilities in the Tcl GUI Toolkit (libtk(3LIB)) may allow a remote unprivileged user who provides a specially crafted GIF image to cause a denial of service (DoS) to applications using the libtk library to process images or execute arbitrary code with the privileges of the user running such applications.
Additional information regarding these issues is available at:
CVE-2008-0553 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
CVE-2007-5378 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
2. Contributing Factors
This issue can occur in the following releases:
If these issues are exploited to cause a Denial of Service (DoS), the application which makes use of the libtk(3LIB) library to process the crafted GIF image may crash. There are no predictable symptoms that would indicate that the issues have been exploited to execute arbitrary code or shell commands.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Solaris 9 Operating System
Solaris 10 Operating System
This solution has no attachment