漏洞信息详情

PCRE Regular Expression Library 多个整数值溢出漏洞

  • CNNVD编号:CNNVD-200711-210
  • 危害等级: 中危
  • CVE编号: CVE-2006-7228
  • 漏洞类型: 数字错误
  • 发布时间: 2007-11-14
  • 威胁类型: 远程
  • 更新时间: 2009-02-21
  • 厂        商: pcre
  • 漏洞来源: Chris Evans is cre...

漏洞简介

Perl-Compatible Regular Expression (PCRE) library 6.7之前的版本存在整数值溢出,攻击者借助一个包含大的(1) min, (2) max, or (3) duplength值的正则表达式导致不正确的长度计算及触发缓冲区溢出。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

VMWare ESX Server 3.5

VMWare ESX350-200803214-UG

http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip

PCRE PCRE 3.4

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 3.9

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 4.4

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 5.0

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 6.0

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 6.1

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

PCRE PCRE 6.2

PCRE pcre-7.4.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.gz

参考网址

来源: SECUNIA

名称: 27582

链接:http://secunia.com/advisories/27582

来源: MISC

名称: https://bugzilla.redhat.com/show_bug.cgi?id=383371

链接:https://bugzilla.redhat.com/show_bug.cgi?id=383371

来源: BID

名称: 26462

链接:http://www.securityfocus.com/bid/26462

来源: BUGTRAQ

名称: 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

链接:http://www.securityfocus.com/archive/1/archive/1/490917/100/0/threaded

来源: REDHAT

名称: RHSA-2007:1077

链接:http://www.redhat.com/support/errata/RHSA-2007-1077.html

来源: REDHAT

名称: RHSA-2007:1076

链接:http://www.redhat.com/support/errata/RHSA-2007-1076.html

来源: REDHAT

名称: RHSA-2007:1068

链接:http://www.redhat.com/support/errata/RHSA-2007-1068.html

来源: REDHAT

名称: RHSA-2007:1065

链接:http://www.redhat.com/support/errata/RHSA-2007-1065.html

来源: REDHAT

名称: RHSA-2007:1063

链接:http://www.redhat.com/support/errata/RHSA-2007-1063.html

来源: REDHAT

名称: RHSA-2007:1059

链接:http://www.redhat.com/support/errata/RHSA-2007-1059.html

来源: www.pcre.org

链接:http://www.pcre.org/changelog.txt

来源: SUSE

名称: SUSE-SA:2007:062

链接:http://www.novell.com/linux/security/advisories/2007_62_pcre.html

来源: MANDRIVA

名称: MDVSA-2008:030

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:030

来源: MANDRIVA

名称: MDVSA-2008:012

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:012

来源: DEBIAN

名称: DSA-1570

链接:http://www.debian.org/security/2008/dsa-1570

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm

来源: GENTOO

名称: GLSA-200801-19

链接:http://security.gentoo.org/glsa/glsa-200801-19.xml

来源: GENTOO

名称: GLSA-200801-18

链接:http://security.gentoo.org/glsa/glsa-200801-18.xml

来源: GENTOO

名称: GLSA-200801-02

链接:http://security.gentoo.org/glsa/glsa-200801-02.xml

来源: GENTOO

名称: GLSA-200711-30

链接:http://security.gentoo.org/glsa/glsa-200711-30.xml

来源: SECUNIA

名称: 30106

链接:http://secunia.com/advisories/30106

来源: SECUNIA

名称: 28720

链接:http://secunia.com/advisories/28720

来源: SECUNIA

名称: 28714

链接:http://secunia.com/advisories/28714

来源: SECUNIA

名称: 28658

链接:http://secunia.com/advisories/28658

来源: SECUNIA

名称: 28414

链接:http://secunia.com/advisories/28414

来源: SECUNIA

名称: 28406

链接:http://secunia.com/advisories/28406

来源: SECUNIA

名称: 28050

链接:http://secunia.com/advisories/28050

来源: SECUNIA

名称: 28041

链接:http://secunia.com/advisories/28041

来源: SECUNIA

名称: 28027

链接:http://secunia.com/advisories/28027

来源: SECUNIA

名称: 27776

链接:http://secunia.com/advisories/27776

来源: SECUNIA

名称: 27773

链接:http://secunia.com/advisories/27773

来源: SECUNIA

名称: 27741

链接:http://secunia.com/advisories/27741

来源: MISC

链接:http://scary.beasts.org/security/CESA-2007-006.html

来源: SUSE

名称: SUSE-SA:2008:004

链接:http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

来源: MISC

链接:http://bugs.gentoo.org/show_bug.cgi?id=198976

来源: BUGTRAQ

名称: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

链接:http://www.securityfocus.com/archive/1/archive/1/488457/100/0/threaded

来源: REDHAT

名称: RHSA-2008:0546

链接:http://www.redhat.com/support/errata/RHSA-2008-0546.html

来源: VUPEN

名称: ADV-2008-1234

链接:http://www.frsirt.com/english/advisories/2008/1234/references

来源: VUPEN

名称: ADV-2008-0637

链接:http://www.frsirt.com/english/advisories/2008/0637

来源: GENTOO

名称: GLSA-200805-11

链接:http://security.gentoo.org/glsa/glsa-200805-11.xml

来源: GENTOO

名称: GLSA-200802-10

链接:http://security.gentoo.org/glsa/glsa-200802-10.xml

来源: SECUNIA

名称: 31124

链接:http://secunia.com/advisories/31124

来源: SECUNIA

名称: 30219

链接:http://secunia.com/advisories/30219

来源: SECUNIA

名称: 30155

链接:http://secunia.com/advisories/30155

来源: SECUNIA

名称: 29785

链接:http://secunia.com/advisories/29785

来源: SECUNIA

名称: 29085

链接:http://secunia.com/advisories/29085

来源: SECUNIA

名称: 29032

链接:http://secunia.com/advisories/29032

来源: ML

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多