ISS X-Force Database: netscape-zero-gif-bo(10058): Netscape zero width GIF heap buffer overflow

Netscape zero width GIF heap buffer overflow

netscape-zero-gif-bo (10058)

High Risk

Description:

Netscape is vulnerable to a heap buffer overflow in the Graphic Interchange Format (GIF) file viewer. By creating a specially-crafted GIF file with a width of zero and embedding it on a Web page, a remote attacker could overflow a buffer and cause a victim's browser to crash or execute arbitrary code on the victim's system, once the page is viewed.

Consequences:

Gain Access

Remedy:

For Netscape:
Upgrade to the latest version of Netscape (7.0 or later), available from the Netscape Web site. See References.

For Mozilla:
Upgrade to the latest version of Mozilla (1.1 or later), available from the Mozilla Web site. See References.

For Red Hat Linux:
Upgrade to the latest Mozilla package, as listed below. Refer to Red Hat Security Advisory RHSA-2002:192-13 for more information. See References.

Red Hat 7.2: 1.0.1-2.7.2 or later
Red Hat 7.3: 1.0.1-2.7.3 or later
Red Hat 8.0: 1.0.1-26 or later

For Conectiva Linux containing the mozilla package:
Upgrade to the latest mozilla package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:568 for more information. See References.

Conectiva Linux 6.0: 1.2.1-1U60_2cl or later
Conectiva Linux 7.0: 1.2.1-1U70_2cl or later
Conectiva Linux 8.0: 1.2.1-1U80_5cl or later

For Conective Linux 8.0 containing the galeon package:
Upgrade to the latest galeon package (1.2.7-1U80_5cl or later), as listed in Conectiva Linux Announcement CLSA-2003:568. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

BugTraq Mailing List, Fri Sep 06 2002 - 01:47:51 CDT : zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad].
Conectiva Linux Security Announcement CLSA-2003:568: mozilla -- several vulnerabilities.
Mozilla Web site: Bugzilla Bug 157989 Possible heap corruption with 0-width GIF.
Mozilla Web site: mozilla.org.
Netscape Web site: Netscape 7.0.
BID-5665: Multiple Browser Zero Width GIF Image Memory Corruption Vulnerability
CVE-2002-1091: Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
MDKSA-2002:074: Updated mozilla packages fix multiple vulnerabilities
RHSA-2002-192: Updated Mozilla packages fix security vulnerabilities
RHSA-2003-046: mozilla security update

Platforms Affected:

Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
MandrakeSoft Mandrake Linux 8.2
MandrakeSoft Mandrake Linux 8.2 PPC
Mozilla Mozilla 1.0.1
Netscape Navigator 6.2.3
RedHat Enterprise Linux 2.1 AS
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0

Reported:

Sep 06, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page