PCRE Regular Expression Library Multiple Security Vulnerabilities
BID:26346
Info
PCRE Regular Expression Library Multiple Security Vulnerabilities
| Bugtraq ID: | 26346 |
| Class: | Unknown |
| CVE: |
CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 05 2007 12:00AM |
| Updated: | Jul 16 2008 08:29PM |
| Credit: | Tavis Ormandy of the Google Security Team is credited with the discovery of these issues. |
| Vulnerable: |
VMWare ESX Server 3.5 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun Solaris 10 Sun OpenSolaris build snv_88 S.u.S.E. openSUSE 10.3 rPath rPath Linux 1 Redhat Fedora 7 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux Desktop version 4 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 R Foundation R 2.2.1 PCRE PCRE 6.2 PCRE PCRE 6.1 PCRE PCRE 6.0 PCRE PCRE 5.0 PCRE PCRE 4.5 PCRE PCRE 4.4 PCRE PCRE 3.9 PCRE PCRE 3.7 PCRE PCRE 3.4 Nortel Networks Self-Service - CCSS7 0 Nortel Networks Peri Workstation 0 Nortel Networks Peri Application 0 Nortel Networks Media Processing Svr 1000 Rel 3.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Kazehakase Kazehakase 0.4.2 Gentoo x11-libs/goffice 0.6 Gentoo www-client/kazehakase 0.4.9 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 CHICKEN CHICKEN 3.0 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 3.1 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Intuity AUDIX LX 2.0 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya CCS 3.1.2 Avaya CCS 3.1.1 Avaya CCS 4.0 Avaya Aura Application Enablement Services 4.0.1 Avaya AES 4.0 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.4.11 Apple Mac OS X 10.5.2 Apple Mac OS X 10.4.11 Adobe Reader 8.1.1 Adobe Reader 7.0.9 Adobe Reader 7.0.8 Adobe Reader 7.0.8 Adobe Reader 7.0.7 Adobe Reader 7.0.6 Adobe Reader 7.0.5 Adobe Reader 7.0.4 Adobe Reader 7.0.3 Adobe Reader 7.0.2 Adobe Reader 7.0.1 Adobe Reader 7.0 Adobe Reader 8.1 Adobe Reader 8.0 Adobe Acrobat Standard 8.1.1 Adobe Acrobat Standard 7.0.8 Adobe Acrobat Standard 7.0.7 Adobe Acrobat Standard 7.0.6 Adobe Acrobat Standard 7.0.5 Adobe Acrobat Standard 7.0.4 Adobe Acrobat Standard 7.0.3 Adobe Acrobat Standard 7.0.2 Adobe Acrobat Standard 7.0.1 Adobe Acrobat Standard 7.0 Adobe Acrobat Standard 8.1 Adobe Acrobat Standard 8.0 Adobe Acrobat Professional 8.1.1 Adobe Acrobat Professional 7.0.8 Adobe Acrobat Professional 7.0.7 Adobe Acrobat Professional 7.0.6 Adobe Acrobat Professional 7.0.5 Adobe Acrobat Professional 7.0.4 Adobe Acrobat Professional 7.0.3 Adobe Acrobat Professional 7.0.2 Adobe Acrobat Professional 7.0.1 Adobe Acrobat Professional 7.0 Adobe Acrobat Professional 8.1 Adobe Acrobat Professional 8.0 Adobe Acrobat 3D 0 |
| Not Vulnerable: |
R Foundation R 2.2.1-r1 PCRE PCRE 7.3 Gentoo x11-libs/goffice 0.6.1 Gentoo www-client/kazehakase 0.5 CHICKEN CHICKEN 3.1 Adobe Reader 8.1.2 Adobe Reader 7.1 Adobe Acrobat Standard 8.1.2 Adobe Acrobat Standard 7.1 Adobe Acrobat Professional 8.1.2 Adobe Acrobat Professional 7.1 |
Discussion
PCRE Regular Expression Library Multiple Security Vulnerabilities
PCRE regular-expression library is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.
PCRE regular-expression library is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.
Exploit / POC
PCRE Regular Expression Library Multiple Security Vulnerabilities
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
PCRE Regular Expression Library Multiple Security Vulnerabilities
Solution:
Updates have been released. Please see the referenced advisories for more information.
Adobe Reader 8.1
Adobe Acrobat 3D 0
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X 10.5.2
Apple Mac OS X Server 10.5.2
Solution:
Updates have been released. Please see the referenced advisories for more information.
Adobe Reader 8.1
-
Adobe AcrobatUpd812_all_incr.msp
Windows
http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=3849&fileID= 3603 -
Adobe AcroProUpd812_all.dmg
Mac OSX
http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=3856&fileID= 3602
Adobe Acrobat 3D 0
-
Adobe AcrobatUpd812_all_incr.msp
Windows
http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=3850&fileID= 3606
Apple Mac OS X 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X 10.5.2
-
Apple SecUpd2008-002.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpd2008-002.dmg
Apple Mac OS X Server 10.5.2
References
PCRE Regular Expression Library Multiple Security Vulnerabilities
References:
References:
- CESA-2007-006 - rev 1 pcre integer / buffer overflows (Chris Evans [email protected])
- PCRE Homepage (PCRE)
- APSB08-13 Security Updates available for Adobe Reader and Acrobat 7 and 8 (Adobe)
- ASA-2007-488 pcre security update (RHSA-2007-0968) (Avaya)
- ASA-2007-505 PCRE security update (RHSA-2007-1068) (Avaya)
- ASA-2008-281 Multiple Security Vulnerabilities in the Adobe Reader may lead to E (Avaya)
- Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash (Nortel Networks)
- RHSA-2007:0967-2 Critical: pcre security update (Redhat)
- RHSA-2007:0968-2 Critical: pcre security update (Redhat)
- RHSA-2007:1063-4 - pcre security update (RedHat)
- RHSA-2007:1065-3 - pcre security update (RedHat)
- RHSA-2007:1068-3: pcre security update (Red Hat)
- RHSA-2008:0546-3 Moderate: php security update (Red Hat)
- Solution 238305: Multiple Security Vulnerabilities in Flash Player for Solaris (Sun Microsystems)
- Solution 239286: Multiple Security Vulnerabilities in the Adobe Reader may lead (Sun Microsystems)
- SUSE Security Advisory SUSE-SA:2008:004 (SUSE)