Executive Summary
| Summary | |
|---|---|
| Title | PCRE vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-581-1 | First vendor Publication | 2008-02-21 |
| Vendor | Ubuntu | Last vendor Modification | 2008-02-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or possibly arbitrary code execution. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-581-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16801 | |||
| Oval ID: | oval:org.mitre.oval:def:16801 | ||
| Title: | USN-581-1 -- pcre3 vulnerability | ||
| Description: | It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-581-1 CVE-2008-0674 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18757 | |||
| Oval ID: | oval:org.mitre.oval:def:18757 | ||
| Title: | DSA-1499-1 pcre3 - arbitrary code execution | ||
| Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0674">CVE-2008-0674</a>). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1499-1 CVE-2008-0674 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7886 | |||
| Oval ID: | oval:org.mitre.oval:def:7886 | ||
| Title: | DSA-1499 pcre3 -- buffer overflow | ||
| Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1499 CVE-2008-0674 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-06-21 | Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:053 (pcre) File : nvt/gb_mandriva_MDVSA_2008_053.nasl |
| 2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-581-1 File : nvt/gb_ubuntu_USN_581_1.nasl |
| 2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for glib2 FEDORA-2008-1533 File : nvt/gb_fedora_2008_1533_glib2_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1783 File : nvt/gb_fedora_2008_1783_pcre_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1842 File : nvt/gb_fedora_2008_1842_pcre_fc7.nasl |
| 2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
| 2008-10-07 | Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-24 (libpcre glib) File : nvt/glsa_200803_24.nasl |
| 2008-09-04 | Name : FreeBSD Ports: pcre File : nvt/freebsd_pcre1.nasl |
| 2008-02-28 | Name : Debian Security Advisory DSA 1499-1 (pcre3) File : nvt/deb_1499_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41989 | Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-08-05 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-053.nasl - Type : ACT_GATHER_INFO |
| 2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
| 2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
| 2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO |
| 2008-05-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO |
| 2008-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-24.nasl - Type : ACT_GATHER_INFO |
| 2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1842.nasl - Type : ACT_GATHER_INFO |
| 2008-03-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f9e96930e6df11dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO |
| 2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1499.nasl - Type : ACT_GATHER_INFO |
| 2008-02-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-581-1.nasl - Type : ACT_GATHER_INFO |
| 2008-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1783.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1533.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:04:57 |
|
