Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Software vendor
Software name
perl
(Unknown)
Description
A buffer overflow in the polymorphic character support module of the Regular Expression Engine (regcomp.c) in Perl allows attackers to execute arbitrary code when a regular expression switches from single-byte characters to Unicode (UTF) characters.
How to fix
To fix the vulnerability, install the latest version of the product for the platform in use. The necessary information is available at:
http://www.perl.com/
References
CERT (TA07-352A): http://www.us-cert.gov/cas/techalerts/TA07-352A.html
MANDRIVA (MDKSA-2007:207): http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
CONFIRM (https://issues.rpath.com/browse/RPL-1813): https://issues.rpath.com/browse/RPL-1813
MISC (https://bugzilla.redhat.com/show_bug.cgi?id=378131): https://bugzilla.redhat.com/show_bug.cgi?id=378131
MISC (https://bugzilla.redhat.com/show_bug.cgi?id=323571): https://bugzilla.redhat.com/show_bug.cgi?id=323571
XF (perl-unicode-bo(38270)): http://xforce.iss.net/xforce/xfdb/38270
CONFIRM (http://www.vmware.com/security/advisories/VMSA-2008-0001.html): http://www.vmware.com/security/advisories/VMSA-2008-0001.html
UBUNTU (USN-552-1): http://www.ubuntu.com/usn/usn-552-1
BID (26350): http://www.securityfocus.com/bid/26350
BUGTRAQ (20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages): http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded
BUGTRAQ (20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages): http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded
BUGTRAQ (20071112 FLEA-2007-0069-1 perl): http://www.securityfocus.com/archive/1/archive/1/483584/100/0/threaded
BUGTRAQ (20071110 FLEA-2007-0063-1 perl): http://www.securityfocus.com/archive/1/archive/1/483563/100/0/threaded
REDHAT (RHSA-2007:1011): http://www.redhat.com/support/errata/RHSA-2007-1011.html
REDHAT (RHSA-2007:0966): http://www.redhat.com/support/errata/RHSA-2007-0966.html
OPENPKG (OpenPKG-SA-2007.023): http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
SUSE (SUSE-SR:2007:024): http://www.novell.com/linux/security/advisories/2007_24_sr.html
CONFIRM (http://www.ipcop.org/index.php?name=News&file=article&sid=41): http://www.ipcop.org/index.php?name=News&file=article&sid=41
GENTOO (GLSA-200711-28): http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
VUPEN (ADV-2007-4255): http://www.frsirt.com/english/advisories/2007/4255
VUPEN (ADV-2007-4238): http://www.frsirt.com/english/advisories/2007/4238
VUPEN (ADV-2007-3724): http://www.frsirt.com/english/advisories/2007/3724
DEBIAN (DSA-1400): http://www.debian.org/security/2007/dsa-1400
AIXAPAR (IZ10244): http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
AIXAPAR (IZ10220): http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm): http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
SECTRACK (1018899): http://securitytracker.com/id?1018899
MLIST ([Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages): http://lists.vmware.com/pipermail/security-announce/2008/000002.html
APPLE (APPLE-SA-2007-12-17): http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
CONFIRM (http://docs.info.apple.com/article.html?artnum=307179): http://docs.info.apple.com/article.html?artnum=307179
CONFIRM (ftp://aix.software.ibm.com/aix/efixes/security/README): ftp://aix.software.ibm.com/aix/efixes/security/README
VUPEN (ADV-2008-0641): http://www.frsirt.com/english/advisories/2008/0641
VUPEN (ADV-2008-0064): http://www.frsirt.com/english/advisories/2008/0064
SUNALERT (231524): http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
SUNALERT (31524): http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
HP (HPSBTU02311): http://marc.info/?l=bugtraq&m=120352263023774&w=2