Executive Summary
Summary | |
---|---|
Title | PCRE vulnerability |
Information | |||
---|---|---|---|
Name | USN-624-1 | First vendor Publication | 2008-07-15 |
Vendor | Ubuntu | Last vendor Modification | 2008-07-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS.
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.04: Ubuntu 7.10: Ubuntu 8.04 LTS:
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. |
Original Source
Url : http://www.ubuntu.com/usn/USN-624-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17537 | |||
Oval ID: | oval:org.mitre.oval:def:17537 | ||
Title: | USN-624-1 -- pcre3 vulnerability | ||
Description: | Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-624-1 CVE-2008-2371 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18659 | |||
Oval ID: | oval:org.mitre.oval:def:18659 | ||
Title: | DSA-1602-1 pcre3 - arbitrary code execution | ||
Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1602-1 CVE-2008-2371 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7744 | |||
Oval ID: | oval:org.mitre.oval:def:7744 | ||
Title: | DSA-1602 pcre3 -- buffer overflow | ||
Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1602 CVE-2008-2371 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.7 File : nvt/nopsec_php_5_2_7.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-04-09 | Name : Ubuntu Update for erlang vulnerability USN-624-2 File : nvt/gb_ubuntu_USN_624_2.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-22 | Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl |
2009-07-17 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02431 File : nvt/gb_hp_ux_HPSBUX02431.nasl |
2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:147 (pcre) File : nvt/gb_mandriva_MDVSA_2008_147.nasl |
2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-624-1 File : nvt/gb_ubuntu_USN_624_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl |
2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6110 File : nvt/gb_fedora_2008_6110_pcre_fc9.nasl |
2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6048 File : nvt/gb_fedora_2008_6048_glib2_fc9.nasl |
2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6025 File : nvt/gb_fedora_2008_6025_glib2_fc8.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl |
2008-12-10 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php54.nasl |
2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-03 (libpcre glib) File : nvt/glsa_200807_03.nasl |
2008-07-15 | Name : Debian Security Advisory DSA 1602-1 (pcre3) File : nvt/deb_1602_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-09 pcre File : nvt/esoft_slk_ssa_2008_210_09.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46690 | Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Hand... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-2.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_pcre-080623.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-147.nasl - Type : ACT_GATHER_INFO |
2008-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_27d01223c45711dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-12-05 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_2_7.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-09.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-1.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-03.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6110.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6048.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote openSUSE host is missing a security update. File : suse_pcre-5366.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6025.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1602.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:12 |