Netscape zero width GIF heap buffer overflow

netscape-zero-gif-bo (10058)

High Risk

Description:

Netscape is vulnerable to a heap buffer overflow in the Graphic Interchange Format (GIF) file viewer. By creating a specially-crafted GIF file with a width of zero and embedding it on a Web page, a remote attacker could overflow a buffer and cause a victim's browser to crash or execute arbitrary code on the victim's system, once the page is viewed.

Platforms Affected:

• Conectiva, Linux 6.0
• Conectiva, Linux 7.0
• Conectiva, Linux 8.0
• MandrakeSoft, Mandrake Linux 8.2
• MandrakeSoft, Mandrake Linux 8.2 PPC
• Mozilla, Mozilla 1.0.1
• Netscape, Navigator 6.2.3
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Linux 7
• RedHat, Linux 7.1
• RedHat, Linux 7.2
• RedHat, Linux 7.3
• RedHat, Linux 8.0

Remedy:

For Netscape:
Upgrade to the latest version of Netscape (7.0 or later), available from the Netscape Web site. See References.

For Mozilla:
Upgrade to the latest version of Mozilla (1.1 or later), available from the Mozilla Web site. See References.

For Red Hat Linux:
Upgrade to the latest Mozilla package, as listed below. Refer to Red Hat Security Advisory RHSA-2002:192-13 for more information. See References.

Red Hat 7.2: 1.0.1-2.7.2 or later
Red Hat 7.3: 1.0.1-2.7.3 or later
Red Hat 8.0: 1.0.1-26 or later

For Conectiva Linux containing the mozilla package:
Upgrade to the latest mozilla package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:568 for more information. See References.

Conectiva Linux 6.0: 1.2.1-1U60_2cl or later
Conectiva Linux 7.0: 1.2.1-1U70_2cl or later
Conectiva Linux 8.0: 1.2.1-1U80_5cl or later

For Conective Linux 8.0 containing the galeon package:
Upgrade to the latest galeon package (1.2.7-1U80_5cl or later), as listed in Conectiva Linux Announcement CLSA-2003:568. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Fri Sep 06 2002 - 01:47:51 CDT , zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad] at http://archives.neohapsis.com/archives/bugtraq/2002-09/0050.html.
• Conectiva Linux Security Announcement CLSA-2003:568, mozilla -- several vulnerabilities at http://www.linuxsecurity.com/content/view/104599/99/.
• Mozilla Web site, Bugzilla Bug 157989 Possible heap corruption with 0-width GIF at http://bugzilla.mozilla.org/show_bug.cgi?id=157989.
• Mozilla Web site, mozilla.org at http://www.mozilla.org.
• Netscape Web site, Netscape 7.0 at http://channels.netscape.com/ns/browsers/download.jsp.
• BID-5665: Multiple Browser Zero Width GIF Image Memory Corruption Vulnerability
• CVE-2002-1091: Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
• MDKSA-2002:074: Updated mozilla packages fix multiple vulnerabilities
• RHSA-2002-192: Updated Mozilla packages fix security vulnerabilities
• RHSA-2003-046: mozilla security update

Reported:

Sep 06, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page