CVE-2007-4768

Executive Summary

Informations
Name	CVE-2007-4768	First vendor Publication	2007-11-07
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides user account access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9701

Oval ID:	oval:org.mitre.oval:def:9701
Title:	Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Description:	Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4768	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 3 AND flash-plugin is earlier than 0:9.0.115.0-1.el3.with.oss OR redhat-release is version 4 AND flash-plugin is earlier than 0:9.0.115.0-1.el4 OR redhat-release is version 5 AND flash-plugin is earlier than 0:9.0.115.0-1.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Pcre Pcre cpe:/a:pcre:pcre:7.3 cpe:/a:pcre:pcre:6.1 cpe:/a:pcre:pcre:6.0	3

Open Source Vulnerability Database (OSVDB)

id	Description
40766	Perl-Compatible Regular Expression (PCRE) Singleton Unicode Sequence Handling...

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID	http://www.securityfocus.com/bid/26346
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/483357/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483579/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.us-cert.gov/cas/techalerts/TA07-355A.html
CONFIRM	http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.adobe.com/support/security/bulletins/apsb08-13.html https://issues.rpath.com/browse/RPL-1738
DEBIAN	http://www.debian.org/security/2007/dsa-1399 http://www.debian.org/security/2008/dsa-1570
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
GENTOO	http://security.gentoo.org/glsa/glsa-200711-30.xml http://security.gentoo.org/glsa/glsa-200801-02.xml http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-19.xml http://security.gentoo.org/glsa/glsa-200805-11.xml http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
MISC	http://bugs.gentoo.org/show_bug.cgi?id=198976
MLIST	http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-1126.html
SECTRACK	http://securitytracker.com/id?1019116
SECUNIA	http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 http://secunia.com/advisories/27697 http://secunia.com/advisories/27741 http://secunia.com/advisories/28136 http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28570 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/29267 http://secunia.com/advisories/29420 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 http://secunia.com/advisories/30219 http://secunia.com/advisories/30507 http://secunia.com/advisories/30840
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
UBUNTU	http://www.ubuntulinux.org/support/documentation/usn/usn-547-1
VUPEN	http://www.vupen.com/english/advisories/2007/3725 http://www.vupen.com/english/advisories/2007/3790 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2007/4258 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1724/references http://www.vupen.com/english/advisories/2008/1966/references
XF	http://xforce.iss.net/xforce/xfdb/38278

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:36:03	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	3
osvdb(s)	1

Related	Severity
TA07-355A	(Critical)
TA07-352A	(Critical)
SUN-238305	(Critical)
SUN-239286	(Critical)
GLSA-200801-07	(Critical)
USN-547-1	(High)
MDKSA-2007:211	(High)
GLSA-200805-11	(High)
GLSA-200801-19	(High)
GLSA-200801-18	(High)
GLSA-200801-02	(High)
GLSA-200711-30	(High)
DSA-1570	(High)
DSA-1399	(High)
RHSA-2007:1126	(Medium)