Perl Unicode Regular Expression Buffer Overflow Vulnerability
BID:26350
Info
Perl Unicode Regular Expression Buffer Overflow Vulnerability
| Bugtraq ID: | 26350 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5116 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 05 2007 12:00AM |
| Updated: | Mar 19 2015 08:05AM |
| Credit: | Tavis Ormandy and Will Drewry are credited with the discovery of this issue. |
| Vulnerable: |
VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE openSUSE 10.3 Sun Solaris 10_x86 Sun Solaris 10_sparc S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Certificate Server 7.3 RedHat Application Stack v1 for Enterprise Linux ES 4 RedHat Application Stack v1 for Enterprise Linux AS 4 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Fedora 7 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux 5 Server OpenPKG OpenPKG Current Novell Linux POS 9 Novell Linux Desktop 9 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service - CCSS7 0 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Larry Wall Perl 5.8.7 Larry Wall Perl 5.8.6 Larry Wall Perl 5.8.5 Larry Wall Perl 5.8.4 -5 Larry Wall Perl 5.8.4 -4 Larry Wall Perl 5.8.4 -3 Larry Wall Perl 5.8.4 -2.3 Larry Wall Perl 5.8.4 -2 Larry Wall Perl 5.8.4 -1 Larry Wall Perl 5.8.4 Larry Wall Perl 5.8.3 Larry Wall Perl 5.8.1 Larry Wall Perl 5.8 .0-88.3 Larry Wall Perl 5.8 IPCop IPCop 1.4.20 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 HP Tru64 5.1 B-4 HP Tru64 5.1 B-3 HP Internet Express 6.7 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya SES 2.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 3.1 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity AUDIX LX 2.0 Avaya Interactive Response 2.0 Avaya Communication Manager 5.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya Aura SIP Enablement Services 3.1.1 Avaya Aura SIP Enablement Services 3.1 Avaya Aura Application Enablement Services 4.0.1 Avaya Aura Application Enablement Services 3.1.3 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 |
| Not Vulnerable: |
IPCop IPCop 1.4.21 |
Discussion
Perl Unicode Regular Expression Buffer Overflow Vulnerability
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.
Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.
Perl 5.8 is vulnerable to this issue; other versions may also be affected.
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.
Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.
Perl 5.8 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Perl Unicode Regular Expression Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Perl Unicode Regular Expression Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references for more information.
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X 10.5.1
Solution:
Updates are available. Please see the references for more information.
Apple Mac OS X 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X 10.5.1
-
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= 1&platform=osx&method=sa/SecUpd2007-009.dmg
References
Perl Unicode Regular Expression Buffer Overflow Vulnerability
References:
References:
- Bugzilla Bug 323571: CVE-2007-5116 perl regular expression UTF parsing errors (Red Hat)
- Solution 231524 : Security Vulnerability in Solaris 10 Perl 5.8 (Sun)
- IPCop 1.4.21 Release Notes (IPCop)
- IPCop Homepage (IPCop)
- Perl Home Page (Perl)
- Nortel Response to Sun Alert 231524 - Security Vulnerability in Solaris 10 P (Nortel Networks)
- ASA-2008-014 - Perl security update (RHSA-2007-0966) (Avaya)
- ASA-2008-359 - Security Vulnerability in Solaris 10 Perl 5.8 (Sun 231524) (Avaya)
- RHSA-2007:0966-5: perl security update (Red Hat)
- RHSA-2007:1011-3: perl security update (Red Hat)