Note: This is an archival copy of Security Sun Alert 200428 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000310.1.
Article ID : 1000310.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the libexif JPEG Image Processing Library

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Sun Java Desktop System Release 2
Sun Java Desktop System 2003

Bug Id
6257383, 6345703

Date of Resolved Release
23-NOV-2005

Impact

A security vulnerability in the libexif JPEG image processing library may allow a remote unprivileged user who provides a carefully crafted JPEG image the ability to execute arbitrary code with the privileges of a local user who opens that image. Furthermore, a remote user may be able to create a Denial of Service (DOS) attack by using a carefully crafted JPEG image.

This issue may occur with applications linked against the libexif library, including (but not limited to), the Eye of Gnome (eog) application, which is distributed as part of the Java Desktop System.

Note: Most digital cameras produce EXIF files, which are Joint Photographic Experts Group (JPEG) files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

This issue is described in the following documents:


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 121095-01

x86 Platform

  • Java Desktop System (JDS) Release 2 (for Solaris 9) without patch 121093-01
  • Solaris 10 without patch 121096-01

Linux

  • Sun Java Desktop System (JDS) release 2003
  • Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-9996)

Note: Solaris 8 and Solaris 9 are not affected by this issue.

The described issue only occurs on JDS for Linux with libexif versions libexif-0.5.3-91 or earlier.

To determine if libexif is installed on a Solaris system, the following command can be used:

    % pkginfo SUNWlibexif
    GNOME2      SUNWlibexif          libexif

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release     
    Sun Java Desktop System, Release 2 -build 10b (GA)  
    Assembled 30 March 2004

To determine the version of libexif installed on a JDS for Linux system, the following command can be run:

    % rpm -qf /usr/lib/libexif.so.5
    libexif-0.5.3-91

 


Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

To avoid the described issue, do not load JPEG images from untrusted sources.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 121095-01 or later

x86 Platform

  • Java Desktop System (JDS) Release 2 (for Solaris 9) with patch 121093-01 or later
  • Solaris 10 with patch 121096-01 or later

Linux

  • Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-9996)

To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:

Note: Sun Java Desktop System (JDS) release 2003 is no longer supported and will require an upgrade to a later release with the associated patches installed to address this issues.



References

121093-01
121095-01
121096-01




Attachments
This solution has no attachment