FrSIRT - Fedora Security Update Fixes Exiv2 "setDataArea()" Integer Overflow / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Exiv2 "setDataArea()" Integer Overflow

Title : Fedora Security Update Fixes Exiv2 "setDataArea()" Integer Overflow
Advisory ID : FrSIRT/ADV-2007-4289
CVE ID : CVE-2007-6353
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-21

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or compromise an affected system [...]

Solution

Upgrade the affected packages :

e7541bf8865d6fcc97e437326c9bdb7e3fa807ca exiv2-debuginfo-0.15-5.fc7.ppc64.rpm
f03e4a7e7ed2126ed69bb232662f6e026e7e3ef4 exiv2-devel-0.15-5.fc7.ppc64.rpm
a3b2fd7401068f4af95f967c88732e2cf22a8ce6 exiv2-0.15-5.fc7.ppc64.rpm
9ca9051be9c43f633b79070fd32e2fd9d8cf7828 exiv2-devel-0.15-5.fc7.i386.rpm
4b16abe5b275fc4dadb8d9e8b37c3f91de3ca012 exiv2-0.15-5.fc7.i386.rpm
27197ef023e19a773955b59a42719513211d3007 exiv2-debuginfo-0.15-5.fc7.i386.rpm
8716c8bb89f7bade3792afc73e2513fca91e6e79 exiv2-0.15-5.fc7.x86_64.rpm
e9abe03d4f5ce36bfcb589a8cdbc2ec2bf1775a4 exiv2-devel-0.15-5.fc7.x86_64.rpm
51a683e77bb97a656a5e9cb5657c70fb71e074ff exiv2-debuginfo-0.15-5.fc7.x86_64.rpm
7b22f635deb4d3acc0517ac57bfce4678f062520 exiv2-debuginfo-0.15-5.fc7.ppc.rpm
d8c9c3d900137104aa7d1d951de108231c42fd4c exiv2-devel-0.15-5.fc7.ppc.rpm
23ea23328a08589894aed6317645a3802c028980 exiv2-0.15-5.fc7.ppc.rpm
45e6ca55b0245ed32f64a2ed300a63aa03d0459e exiv2-0.15-5.fc7.src.rpm

e7541bf8865d6fcc97e437326c9bdb7e3fa807ca exiv2-debuginfo-0.15-5.fc7.ppc64.rpm
f03e4a7e7ed2126ed69bb232662f6e026e7e3ef4 exiv2-devel-0.15-5.fc7.ppc64.rpm
a3b2fd7401068f4af95f967c88732e2cf22a8ce6 exiv2-0.15-5.fc7.ppc64.rpm
9ca9051be9c43f633b79070fd32e2fd9d8cf7828 exiv2-devel-0.15-5.fc7.i386.rpm
4b16abe5b275fc4dadb8d9e8b37c3f91de3ca012 exiv2-0.15-5.fc7.i386.rpm
27197ef023e19a773955b59a42719513211d3007 exiv2-debuginfo-0.15-5.fc7.i386.rpm
8716c8bb89f7bade3792afc73e2513fca91e6e79 exiv2-0.15-5.fc7.x86_64.rpm
e9abe03d4f5ce36bfcb589a8cdbc2ec2bf1775a4 exiv2-devel-0.15-5.fc7.x86_64.rpm
51a683e77bb97a656a5e9cb5657c70fb71e074ff exiv2-debuginfo-0.15-5.fc7.x86_64.rpm
7b22f635deb4d3acc0517ac57bfce4678f062520 exiv2-debuginfo-0.15-5.fc7.ppc.rpm
d8c9c3d900137104aa7d1d951de108231c42fd4c exiv2-devel-0.15-5.fc7.ppc.rpm
23ea23328a08589894aed6317645a3802c028980 exiv2-0.15-5.fc7.ppc.rpm
45e6ca55b0245ed32f64a2ed300a63aa03d0459e exiv2-0.15-5.fc7.src.rpm

4f4e4f586452f249f6aaf6d14cfa12e1c97b7543 exiv2-debuginfo-0.15-5.fc8.ppc64.rpm
4c03b201052f64a8cef0ba6da2dec6e6ab0782c8 exiv2-libs-0.15-5.fc8.ppc64.rpm
8a8a74af199893b7970b7faf20a7c8c966bc23f5 exiv2-devel-0.15-5.fc8.ppc64.rpm
ad66e8c66acc1b3966317c2bb4ca42ce68f13ce9 exiv2-0.15-5.fc8.ppc64.rpm
cc1259ddfaf2ebc9d4edab32787787685fbcaf7e exiv2-libs-0.15-5.fc8.i386.rpm
ee4496454c13c7bc7837d7c6fb65e56fb7ccb79f exiv2-debuginfo-0.15-5.fc8.i386.rpm
eb3d0eb72b783a4d728839fd3d61768fba61d4bf exiv2-devel-0.15-5.fc8.i386.rpm
24e636d1ebeb6ddb03ba5568b60b78b0ed9bde45 exiv2-0.15-5.fc8.i386.rpm
101afb823c0f5a55efef495eb844469b8000f5da exiv2-0.15-5.fc8.x86_64.rpm
6dd905990478f589113ad0446448053987a67e21 exiv2-libs-0.15-5.fc8.x86_64.rpm
d2e5fa4649e90cd78477f8de8291a99468004725 exiv2-debuginfo-0.15-5.fc8.x86_64.rpm
096c7ee1f644f5ea6989737101675e4d438ce982 exiv2-devel-0.15-5.fc8.x86_64.rpm
4671ffe4ceb1ed031b0ebc3cc3c243349f047d13 exiv2-debuginfo-0.15-5.fc8.ppc.rpm
46c3843491c4263b39b35d582cdb72f7864483e1 exiv2-libs-0.15-5.fc8.ppc.rpm
af35366546e03479b99845e955cd4bd742dca9ad exiv2-devel-0.15-5.fc8.ppc.rpm
74d1f5d9b19dc71d057d909079d79f3190440d0c exiv2-0.15-5.fc8.ppc.rpm
4d8300bf9cdf830941e60880178fb8c905fd5e93 exiv2-0.15-5.fc8.src.rpm

ChangeLog

2007-12-21 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris ACL UFS File Systems Denial of Service Vulnerability
	Sun Solaris Text Editors Tag Files Local Code Execution Vulnerability
	Sun Management Center Remote Denial of Service Vulnerability
	Sun Solaris Bzip2 Archive Handling Denial of Service Vulnerability
	Sun Solaris GNU Tar Headers Handling Buffer Overflow Vulnerability
	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities