Two security flaws have been discovered in the Oracle Solaris operating system, specifically in the LibTIFF library, which is used when processing TIFF files. The flaws are caused by errors in the functions "OJPEGReadBufferFill()" and "TIFFroundup()". They allow a remote attacker to carry out a DoS attack (crashing the application) or to execute arbitrary code by means of a specially crafted TIFF or OJPEG file. All users are advised to install the appropriate security patches to protect themselves.
Oracle Solaris LibTIFF Integer Overflow and Denial of Service Vulnerabilities
VUPEN ID VUPEN/ADV-2011-0204
CVE ID CVE-2010-2065 - CVE-2010-2443
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as High Risk
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2011-01-25
Technical Description
Two vulnerabilities have been identified in Oracle Solaris, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in LibTIFF. For additional information, see: VUPEN/ADV-2010-1435
Affected Products
Oracle Solaris 9
Oracle Solaris 8
Solution
Oracle Solaris 9 (SPARC) - Apply patch 125673-04
Oracle Solaris 9 (x86) - Apply patch 125674-04
Oracle Solaris 8 - Contact Oracle Support
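One way to verify the Solaris 9 fix from patch-inventory output, as an added example that is not part of the original advisory. It assumes the inventory is in the `showrev -p` line layout ("Patch: ID-REV ..."); the function names and the sample lines, including the package names in them, are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `showrev -p` text whether a Solaris 9 host
# carries the LibTIFF patch revision named in the Solution section.

# Patch IDs and minimum revisions, taken from the advisory.
REQ_SPARC="125673-04"
REQ_X86="125674-04"

# patch_satisfied REQUIRED   (reads `showrev -p` text on stdin)
# Returns 0 if the patch base ID is present at REQUIRED's revision or later.
# Limitation: does not follow "Obsoletes:" chains to a superseding patch ID.
patch_satisfied() {
    req_id=${1%-*}     # e.g. 125673
    req_rev=${1#*-}    # e.g. 04
    awk -v id="$req_id" -v rev="$req_rev" '
        $1 == "Patch:" {
            split($2, p, "-")
            # Compare revisions numerically so 04 and 4 are equal.
            if (p[1] == id && p[2] + 0 >= rev + 0) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_host REQUIRED INVENTORY_TEXT -> prints OK or MISSING
check_host() {
    if printf '%s\n' "$2" | patch_satisfied "$1"; then
        echo "OK"
    else
        echo "MISSING"
    fi
}

# Constructed sample inventories (not captured from a real host).
SAMPLE_PATCHED='Patch: 112233-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 125673-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWTiff'
SAMPLE_OLD='Patch: 125673-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWTiff'

# On a real SPARC host:  check_host "$REQ_SPARC" "$(showrev -p)"
# On a real x86 host:    check_host "$REQ_X86" "$(showrev -p)"
```
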
References
http://www.vupen.com/english/advisories/2011/0204
http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010
Changelog
2011-01-25 : Initial release