CVE-2006-2024
Published 2006-04-25
Priority: P4 · 21 · medium · 4 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 8.65% (94.4th percentile)
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.1 (bookworm) | tiff 3.8.1 (bookworm) |
| libtiff | libtiff | <= 3.8.0 | — |
| libtiff | libtiff | — | — |
CVSS provenance
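| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 4.0 | MEDIUM | — |
| vendor_redhat | — | 8.1 | HIGH | — |
| vendor_debian | — | 4.0 | MEDIUM | — |
| vendor_cisco | — | 3.1 | — | — |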
Red Hat
openssh: regreSSHion - race condition in SSH allows RCE/DoS
vendor_redhat·2024-07-01·CVSS 8.1
CVE-2024-6387 [HIGH] CWE-364 openssh: regreSSHion - race condition in SSH allows RCE/DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Statement: Red Hat rates the severity of this flaw as Important for both Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP). The most significant
Ubuntu
TIFF library vulnerabilities
vendor_ubuntu·2006-05-04
CVE-2006-2024 TIFF library vulnerabilities
Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-03-03·CVSS 4.0
CVE-2006-2024 [MEDIUM] security flaw
Debian
CVE-2006-2024: tiff - Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attacke...
vendor_debian·2006·CVSS 4.0
CVE-2006-2024 [MEDIUM] CVE-2006-2024: tiff - Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attacke...
Scope: local
bookworm: resolved (fixed in 3.8.1)
bullseye: resolved (fixed in 3.8.1)
forky: resolved (fixed in 3.8.1)
sid: resolved (fixed in 3.8.1)
trixie: resolved (fixed in 3.8.1)
Cisco
Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
vendor_cisco·CVSS 3.1
CVE-2006-5051 Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory. This advisory is available at the following link: https://sec.cloudapps.cisco.co
GHSA
GHSA-gcqf-gvjg-mhm8: Multiple vulnerabilities in libtiff before 3
ghsa_unreviewed·2022-05-03
CVE-2006-2024 [MEDIUM] GHSA-gcqf-gvjg-mhm8: Multiple vulnerabilities in libtiff before 3
OSV
CVE-2006-2024: Multiple vulnerabilities in libtiff before 3
osv·2006-04-25·CVSS 4.0
CVE-2006-2024 [MEDIUM] CVE-2006-2024: Multiple vulnerabilities in libtiff before 3
No detection rules found.
Bugzilla
CVE-2024-6387 openssh: regreSSHion - race condition in SSH allows RCE/DoS
bugzilla·2024-06-27·CVSS 8.1
CVE-2024-6387 [HIGH] CVE-2024-6387 openssh: regreSSHion - race condition in SSH allows RCE/DoS
We discovered a vulnerability (a signal handler race condition) in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe (for example, syslog()).
On investigation, we realized that this vulnerability is in fact a regression of CVE-2006-5051 ("Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code"), which was reported in 2006 by Mark Dowd.
This regression was introduced in October 2020 (OpenSSH 8.5p1) by commi
Bugzilla
CVE-2006-2024 security flaw
bugzilla·2018-08-16·CVSS 4.0
CVE-2006-2024 [MEDIUM] CVE-2006-2024 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Published: 2006-04-25