Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:102: libtiff Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the libtiff package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:102 (libtiff).
A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in
libtiff 3.8.2 and earlier allows attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a TIFF file with a
DocumentName tag that contains UTF-8 characters, which triggers the
overflow when a character is sign extended to an integer that produces
more digits than expected in a sprintf call.
Corporate Server 3 and Corporate Desktop 3 are not affected by this
vulnerability as tiff2pdf was not part of the libtiff version shipped
in those products.
The updated packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:102
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.