Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2656

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2656
Last Modified 02 Apr 2010 03:53:44
Published 30 May 2006 02:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2656

Summary

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.8.0

  • Libtiff 3.8.1

  • Libtiff 3.8.2


References

FEDORA - FEDORA-2006-591

UBUNTU - USN-289-1

MANDRIVA - MDKSA-2006:095

DEBIAN - DSA-1091

GENTOO - GLSA-200607-03

SECUNIA - 21002

SECUNIA - 20766

SECUNIA - 20520

SECUNIA - 20501

VULN-DEV - 20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...

SUSE - SUSE-SR:2006:014


Last Updated: 27 May 2016 10:42:42