CERT-In Vulnerability Note CIVN-2008-55
Vulnerabilities in the Tcl/Tk GUI Toolkit Library in Solaris
Original Issue Date:
May 13, 2008
Severity Rating:
Medium
System Affected
Overview
A vulnerability leading to denial of service and arbitrary code execution has been reported in Solaris. The vulnerability is in the Tcl/Tk GUI Toolkit Library included in Solaris and can be exploited by malicious users to compromise an application using the library.
Description
Tcl/Tk is a GUI toolkit library in Solaris that is used for web and desktop applications, networking and testing. The Tk Toolkit is prone to a buffer-overflow vulnerability: it fails to perform adequate boundary checks on user-supplied GIF image data, so a buffer of insufficient size can be overrun. A remote attacker may execute arbitrary code via a crafted image. Successful exploits may allow attackers to execute arbitrary code, and failed exploit attempts may result in denial-of-service conditions.
Solutions
Apply appropriate patches as mentioned below:
- SPARC Platform
- x86 Platform
Vendor Information
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237465-1
References
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237465-1
SecurityFocus
http://www.securityfocus.com/bid/27655/
Secunia
http://secunia.com/advisories/30129/
CVE Name
CVE-2008-0553
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
