-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec
Advisory number: 	SCOSA-2005.34
Issue date: 		2005 September 20
Cross reference:	sr894564 fz532775 erg712889 CAN-2005-1544
______________________________________________________________________________


1. Problem Description

	Tavis Ormandy has reported a vulnerability in libTIFF, which
	potentially can be exploited by malicious people to compromise
	a vulnerable system. 
	
	The vulnerability is caused due to a boundary error and can 
	be exploited to cause a buffer overflow via a specially crafted 
	TIFF image containing a malformed BitsPerSample tag. 
	
	Successful exploitation may allow execution of arbitrary code, 
	if a malicious TIFF image is opened in an application linked 
	against the vulnerable library. 
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the following name CAN-2005-1544 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			Libtiff distribution

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34

	4.2 Verification

	MD5 (tiff.pkg) = b084c16db5ab1c70d1a3d461cfe09665

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download tiff.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/tiff.pkg


5. References

	Specific references for this advisory:
		http://bugzilla.remotesensing.org/show_bug.cgi?id=843 
		http://xforce.iss.net/xforce/xfdb/20533 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544 
		http://secunia.com/advisories/15320

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr894564 fz532775
	erg712889.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	The SCO Group would like to thank Travis Ormandy

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)

iD8DBQFDMEK0aqoBO7ipriERAiHyAJ9MpBK4U4a3UX/kDnhW9/BBU6zDhACeMzSw
Gkiduk0ql3ar5iLEWYtpse0=
=w5vg
-----END PGP SIGNATURE-----