Vulnerabilità: CVE-2006-3459

Molteplici stack-based buffer overflow nella libreria TIFF (libtiff) prima 3.8.2, come usato in Adobe Reader 9.3.0 e altri prodotti, consentono attaccanti dipendenti dal contesto di eseguire codice arbitrario o causare un denial of service tramite vettori non specificato, tra cui un valore elevato tdir_count nella funzione TIFFFetchShortPair in tif_dirread.c.


http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://www.securityfocus.com/bid/19283
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
https://issues.rpath.com/browse/RPL-558
http://www.debian.org/security/2006/dsa-1137
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://secunia.com/blog/76
http://www.osvdb.org/27723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
http://www.redhat.com/support/errata/RHSA-2006-0603.html
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://securitytracker.com/id?1016628
http://securitytracker.com/id?1016671
http://secunia.com/advisories/21253
http://secunia.com/advisories/21274
http://secunia.com/advisories/21290
http://secunia.com/advisories/21304
http://secunia.com/advisories/21319
http://secunia.com/advisories/21334
http://secunia.com/advisories/21338
http://secunia.com/advisories/21346
http://secunia.com/advisories/21370
http://secunia.com/advisories/21392
http://secunia.com/advisories/21501
http://secunia.com/advisories/21537
http://secunia.com/advisories/21598
http://secunia.com/advisories/21632
http://secunia.com/advisories/22036
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://lwn.net/Alerts/194228/
http://www.ubuntu.com/usn/usn-330-1
http://www.vupen.com/english/advisories/2006/3101
http://www.vupen.com/english/advisories/2006/3105
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi