Signature Detail
Short Name |
HTTP:STC:ADOBE:LIBTIF-FETCHDATA |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Reader and Acrobat LibTIFF TIFFFetchData Function Integer Overflow |
Release Date |
2011/07/18 |
Update Number |
1956 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Reader and Acrobat LibTIFF TIFFFetchData Function Integer Overflow
This signature detects attempts to exploit a known flaw in Adobe Reader and Acrobat LibTIFF. A successful attack can allow attackers to execute remote code in the context of the current logged in user.
Extended Description
Applications using the LibTIFF library are prone to an integer-overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.
Affected Products
- Avaya Intuity LX
- Avaya Message Networking
- Avaya Messaging Storage Server
- Debian Linux 3.0.0
- Debian Linux 3.0.0 Alpha
- Debian Linux 3.0.0 Arm
- Debian Linux 3.0.0 Hppa
- Debian Linux 3.0.0 Ia-32
- Debian Linux 3.0.0 Ia-64
- Debian Linux 3.0.0 M68k
- Debian Linux 3.0.0 Mips
- Debian Linux 3.0.0 Mipsel
- Debian Linux 3.0.0 Ppc
- Debian Linux 3.0.0 S/390
- Debian Linux 3.0.0 Sparc
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Gentoo Linux
- LibTIFF 3.4.0
- LibTIFF 3.5.1
- LibTIFF 3.5.2
- LibTIFF 3.5.3
- LibTIFF 3.5.4
- LibTIFF 3.5.5
- LibTIFF 3.5.7
- LibTIFF 3.6.0 .0
- LibTIFF 3.6.1
- LibTIFF 3.7.0
- LibTIFF 3.7.1
- LibTIFF 3.7.2
- LibTIFF 3.8.0
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
- Mandriva Multi Network Firewall 2.0.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- SGI ProPack 3.0.0 SP6
- Sun Solaris 10 Sparc
- Sun Solaris 10 X86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
- Ubuntu Ubuntu Linux 5.10.0 Amd64
- Ubuntu Ubuntu Linux 5.10.0 I386
- Ubuntu Ubuntu Linux 5.10.0 Powerpc
References
- BugTraq: 17732
- CVE: CVE-2006-2025