Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés
Date : Fri, 25 May 2007 11:51:23 +0200
Type : VULN
Sujet : CERT-Renater : 2007/VULN259 (US-CERT: libpng denial of service vulnerability)
====================================================================                                     CERT-Renater

                          Note d'Information No. 2007/VULN259
_____________________________________________________________________

DATE                      : 25/05/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running libpng.

======================================================================

Vulnerability Note VU#684664

libpng denial of service vulnerability

Overview

The libpng library contains a denial-of-service vulnerability.

I. Description

The libpng library can be used to allow other applications to render
PNG images.

The libpng library contains a denial-of-service vulnerability.

 From the Libpng-1.2.16-ADVISORY:

       This vulnerability could be used to crash a browser when a user tries to
view such a malformed PNG file. It is not known whether the vulnerability could
be exploited otherwise.

       The reason is that png_ptr->num_trans is set to 1 and then there is an
error return after checking the CRC, so the trans[ ] array is never allocated.
Since png_ptr->num_trans is nonzero, libpng tries to use the array later.


An attacker may be able to exploit this vulnerability by convincing a user to
open a specially crafted PNG image. The malicious image may be hosted on a
website, or sent as an email attachment.


II. Impact

A remote, unauthenticated attacker may be able to create a denial-of-service
condition.

III. Solution

Upgrade

The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address
this vulnerability. Administrators are encouraged to upgrade as soon as
possible. Administrators who receive the libpng library from their operating
system vendor should see the systems affected portion of this document for a
list of affected vendors.

Systems Affected

Vendor	                                        Status	       Date Updated
Apple Computer, Inc.                            Unknown        8-May-2007
Conectiva Inc.                                  Unknown        8-May-2007
Cray Inc.                                       Unknown        8-May-2007
Debian GNU/Linux                                Unknown        8-May-2007
EMC, Inc. (formerly Data General Corporation)   Unknown        8-May-2007
Engarde Secure Linux                            Unknown        8-May-2007
F5 Networks, Inc.                               Unknown        8-May-2007
Fedora Project                                  Unknown        8-May-2007
FreeBSD, Inc.                                   Unknown        8-May-2007
Fujitsu                                         Unknown        8-May-2007
Gentoo Linux                                    Vulnerable     16-May-2007
Hewlett-Packard Company                         Unknown        8-May-2007
Hitachi                                         Unknown        8-May-2007
IBM Corporation                                 Unknown        8-May-2007
IBM Corporation (zseries)                       Unknown        8-May-2007
IBM eServer                                     Unknown        23-May-2007
Immunix Communications, Inc.                    Unknown        8-May-2007
Ingrian Networks, Inc.                          Unknown        8-May-2007
Juniper Networks, Inc.                          Unknown        8-May-2007
libpng                                          Vulnerable     16-May-2007
Mandriva, Inc.                                  Unknown        8-May-2007
Microsoft Corporation                           Unknown        8-May-2007
MontaVista Software, Inc.                       Unknown        8-May-2007
Mozilla                                         Unknown        8-May-2007
NEC Corporation                                 Unknown        8-May-2007
NetBSD                                          Unknown        8-May-2007
Nokia                                           Unknown        8-May-2007
Novell, Inc.                                    Unknown        8-May-2007
OpenBSD                                         Unknown        8-May-2007
Openwall GNU/*/Linux                            Unknown        8-May-2007
QNX, Software Systems, Inc.                     Unknown        8-May-2007
Red Hat, Inc.                                   Vulnerable     18-May-2007
Silicon Graphics, Inc.                          Unknown        8-May-2007
Slackware Linux Inc.                            Unknown        8-May-2007
Sony Corporation                                Unknown        8-May-2007
Sun Microsystems, Inc.                          Unknown        8-May-2007
SUSE Linux                                      Unknown        8-May-2007
The SCO Group                                   Unknown        8-May-2007
Trustix Secure Linux                            Unknown        8-May-2007
Turbolinux                                      Unknown        8-May-2007
Ubuntu                                          Unknown        8-May-2007
Unisys                                          Unknown        8-May-2007
Wind River Systems, Inc.                        Unknown        8-May-2007


References


http://sourceforge.net/project/showfiles.php?group_idV24
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
http://secunia.com/advisories/25292/


Credit

Thanks to the libpng team for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public             05/16/2007
Date First Published    05/16/2007 01:46:37 PM
Date Last Updated       05/23/2007
CERT Advisory	
CVE Name                CVE-2007-2445
Metric                  3.86
Document Revision       15

If you have feedback, comments, or additional information about this 
vulnerability, please send us email.

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================