Note: This is an archival copy of Security Sun Alert 201072 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000794.1.
Article ID : 1000794.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2009-05-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in libtiff(3)

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
6217996, 6203734, 6203747, 6203736

Date of Workaround Release
25-APR-2005

Date of Resolved Release
04-May-2009

Impact

Multiple security vulnerabilities have been found in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user if that local user has loaded a TIFF image file (.tiff) supplied by an untrusted user. The remote user may be able to crash the TIFF image viewing program as well. The TIFF image files may be picked up in e-mail or from an untrusted web site.

These issues are described in the following documents:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 7 (OpenWindows) without patch 118953-02
  • Solaris 8 (CDE) without patch 109931-10
  • Solaris 9 (CDE) without patch 114219-11
  • Solaris 9 (with package SUNWTiff or SUNWTiffx)
  • Solaris 10 (with package SUNWTiff installed) without patch 119900-01

x86 Platform

  • Solaris 7 (OpenWindows) without patch 118954-02
  • Solaris 8 (CDE) without patch 109932-10
  • Solaris 9 (CDE) without patch 114220-11
  • Solaris 9 (with package SUNWTiff or SUNWTiffx)
  • Solaris 10 (with package SUNWTiff installed) without patch 119901-01

Note 1:

In Solaris 8 the libtiff(3) library may be installed in the following directories:

/usr/openwin/lib (OpenWindows)
/usr/dt/lib/sdtimage (CDE)

In Solaris 9 the libtiff(3) library may be installed in the following directories:

/usr/sfw/lib(SUNWTiff)
/usr/sfw/lib/sparcv9 (SUNWTiffx)
/usr/openwin/lib(OpenWindows)
/usr/dt/lib/sdtimage (CDE)

In Solaris 10 the libtiff(3) library may be installed in the following directories:

/usr/lib
/usr/lib/sparcv9

Note 2:

Sun includes libtiff(3) on the Solaris Companion CD for Solaris 8 (http://wwws.sun.com/software/solaris/freeware/index.html) as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using libtiff from the Solaris Companion CD will have to upgrade to a later version.


Symptoms

There are no reliable symptoms that would show the described issues have been exploited.


Workaround

To work around the described issues, do not load TIFF images from untrusted sources.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 7 (OpenWindows) with patch 118953-02 or later
  • Solaris 8 (CDE) with patch 109931-10 or later
  • Solaris 9 (CDE) with patch 114219-11 or later
  • Solaris 10 (with package SUNWTiff installed) with patch 119900-01 or later

x86 Platform

  • Solaris 7 (OpenWindows) with patch 118954-02 or later
  • Solaris 8 (CDE) with patch 109932-10 or later
  • Solaris 9 (CDE) with patch 114220-11 or later
  • Solaris 10 (with package SUNWTiff installed) with patch 119901-01 or later

Note: This issue is not yet resolved in Solaris 9 (with package SUNWTiff or SUNWTiffx)

A final resolution is pending completion.



Modification History
04-May-2009: No further updates will be made to this document

06-JUL-2005: Updated Contributing Factors and Resolution sections
29-AUG-2005: Updated Contributing Factors and Resolution sections
26-OCT-2005: Updated Impact section

References

118953-02
109931-10
114219-11
118954-02
109932-10
114220-11
119901-01
119900-01




Attachments
This solution has no attachment