Perl Unicode Regular Expression Buffer Overflow Vulnerability

2007-11-11T00:00:00
ID SSV:2414
Type seebug
Reporter Root
Modified 2007-11-11T00:00:00

Description

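Perl is a powerful programming language. Perl's regular expression engine contains a flaw that a remote attacker can exploit to execute arbitrary commands with the privileges of the Perl process. A buffer overflow exists in the handling of Unicode regular expressions: an attacker who supplies specially crafted input to a regular expression can cause Perl to allocate memory incorrectly, resulting in execution of arbitrary commands with the privileges of the user running the Perl process.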

RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Application Stack v1 for Enterprise Linux ES 4
RedHat Application Stack v1 for Enterprise Linux AS 4
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Larry Wall Perl 5.8.7
Larry Wall Perl 5.8.6
  + Gentoo Linux
Larry Wall Perl 5.8.5
  + Turbolinux Turbolinux Server 10.0
Larry Wall Perl 5.8.4 -5
Larry Wall Perl 5.8.4 -4
Larry Wall Perl 5.8.4 -3
Larry Wall Perl 5.8.4 -2.3
Larry Wall Perl 5.8.4 -2
Larry Wall Perl 5.8.4 -1
Larry Wall Perl 5.8.4
  + MandrakeSoft Corporate Server 3.0 x86_64
  + MandrakeSoft Corporate Server 3.0
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
  + MandrakeSoft Linux Mandrake 10.0 AMD64
  + MandrakeSoft Linux Mandrake 10.0
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 9.2
Larry Wall Perl 5.8.3
  + Gentoo Linux
  + Trustix Secure Linux 2.1
  + Trustix Secure Linux 2.0
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
Larry Wall Perl 5.8.1
Larry Wall Perl 5.8 .0-88.3
Larry Wall Perl 5.8
  + Turbolinux Home
  + Turbolinux Turbolinux Desktop 10.0

Refer to the following security advisories for patch information:
https://rhn.redhat.com/errata/RHSA-2007-0966.html
http://rhn.redhat.com/errata/RHSA-2007-1011.html