Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:850068HistoryJan 28, 2009 - 12:00 a.m.
SuSE Update for pcre SUSE-SA:2007:062
2009-01-2800:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
9
0.039 Low
EPSS
Percentile
91.0%
Check for the Version of pcre
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2007_062.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for pcre SUSE-SA:2007:062
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_impact = "remote code execution";
tag_affected = "pcre on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1";
tag_insight = "Specially crafted regular expressions could lead to buffer overflows
in the pcre library. Applications using pcre to process regular
expressions from untrusted sources could therefore potentially be
exploited by attackers to execute arbitrary code as the user running
the application.";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(850068);
script_version("$Revision: 8050 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "SUSE-SA", value: "2007-062");
script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-4766", "CVE-2007-4767");
script_name( "SuSE Update for pcre SUSE-SA:2007:062");
script_summary("Check for the Version of pcre");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE10.3")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~7.2~14.2", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~7.2~14.2", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-32bit", rpm:"pcre-32bit~7.2~14.2", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "openSUSE10.2")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~6.7~25", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.7~25", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-32bit", rpm:"pcre-32bit~6.7~25", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESSr8")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~3.9~275", rls:"SLESSr8")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESDK10SP1")
{
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"SLESDK10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-32bit", rpm:"pcre-32bit~6.4~14.12", rls:"SLESDK10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"SLESDK10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "OES")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~4.4~109.10", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~4.4~109.10", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLES9")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~4.4~109.10", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~4.4~109.10", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "LES10SP1")
{
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-32bit", rpm:"pcre-32bit~6.4~14.12", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLDk9")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~4.4~109.10", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~4.4~109.10", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESDk10SP1")
{
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-32bit", rpm:"pcre-32bit~6.4~14.12", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SL10.1")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLPOS9")
{
if ((res = isrpmvuln(pkg:"pcre", rpm:"pcre~4.4~109.10", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~4.4~109.10", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}References
Related
suse
suse
remote code execution in pcre
2007-11-23 15:35:33
remote code execution in php4, php5
2008-01-29 14:18:48
openvas
openvas
Gentoo Security Advisory GLSA 200805-11 (chicken)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200801-02 (R)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200805-11 (chicken)
2008-09-24 00:00:00
nessus
nessus
Debian DSA-1570-1 : kazehakase - various
2008-05-09 00:00:00
GLSA-200711-30 : PCRE: Multiple vulnerabilities
2007-11-26 00:00:00
openSUSE 10 Security Update : pcre (pcre-4683)
2007-11-20 00:00:00
gentoo
gentoo
PCRE: Multiple vulnerabilities
2007-11-20 00:00:00
Python: PCRE Integer overflow
2008-02-23 00:00:00
debian
debian
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution
2007-11-05 00:00:00
osv
osv
pcre3 - arbitrary code execution
2007-11-05 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2007-11-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution
2007-11-07 00:00:00
PCRE and perl regular expression handling multiple security vulnerabilities
2007-11-07 00:00:00
[ GLSA 200802-10 ] Python: PCRE Integer overflow
2008-02-26 00:00:00
freebsd
freebsd
pcre -- arbitrary code execution
2007-11-05 00:00:00
oraclelinux
oraclelinux
Important: pcre security update
2007-11-30 00:00:00
Important: pcre security update
2007-12-04 00:00:00
Critical: pcre security update
2007-11-05 00:00:00
cve
cve
fedora
fedora
[SECURITY] Fedora 7 Update: pcre-7.3-3.fc7
2008-03-06 16:37:25
redhat
redhat
(RHSA-2007:1052) Important: pcre security update
2007-11-09 00:00:00
(RHSA-2007:1065) Moderate: pcre security update
2007-11-29 00:00:00
(RHSA-2007:1063) Important: pcre security update
2007-11-29 00:00:00
centos
centos
pcre security update
2007-11-10 05:09:58
pcre security update
2007-11-30 03:00:27
pcre security update
2007-11-29 16:25:21
ubuntucve
ubuntucve
debiancve
debiancve
vmware
vmware
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
2008-04-15 00:00:00
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
2008-04-15 00:00:00
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
prion
prion
Integer overflow
2007-11-07 23:46:00
Code injection
2007-11-07 23:46:00
Buffer overflow
2007-11-07 23:46:00