Perl Unicode "\Q...\E" Regular Expression Buffer Overflow Vulnerability

2008-04-28T00:00:00
ID SSV:3226
Type seebug
Reporter Root
Modified 2008-04-28T00:00:00

Description

BUGTRAQ ID: 28928 CVE(CAN) ID: CVE-2008-1927

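Perl is a free and powerful programming language.

Perl has a vulnerability in its handling of malformed regular expressions. If user-supplied regular expression characters are contained in a variable protected by the "\Q...\E" construct, the Perl interpreter may suffer a buffer overflow while compiling the regular expression, resulting in a denial of service.

Larry Wall Perl 5.8.8

Vendor patch:

Debian

Debian has released a security advisory (DSA-1556-1) and corresponding patches for this issue:
DSA-1556-1: New perl packages fix denial of service
Link: http://www.debian.org/security/2008/dsa-1556

Patch downloads: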


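Patch installation:

  1. Install the patch packages manually:

First, download the patch package with the following command:
# wget url (url is the patch download link)

Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)

  2. Install the patch packages automatically with apt-get:

First, update the internal database with the following command:
# apt-get update

Then install the updated packages with the following command:
# apt-get upgrade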
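
After either installation method, the installed versions can be checked against the fixed version. The script below is an added example, not part of the original advisory. It assumes the fixed version 5.8.8-7etch2 and the package names from the DSA-1556-1 packages; the function names are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): flag perl packages that are older
# than the DSA-1556-1 fix on Debian etch. FIXED and PKGS come from the
# advisory's package names; the function names are hypothetical.
FIXED="5.8.8-7etch2"
PKGS="perl perl-base perl-modules perl-doc perl-suid perl-debug libperl5.8 libperl-dev libcgi-fast-perl"

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Approximation for hosts without dpkg (GNU sort -V); this is an
        # assumption for offline use, not Debian's exact version ordering.
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# status_of VERSION: print the verdict for one installed version string.
status_of() {
    if [ -z "$1" ]; then
        echo "NOT-INSTALLED"
    elif ver_lt "$1" "$FIXED"; then
        echo "VULNERABLE"
    else
        echo "PATCHED"
    fi
}

# audit: read "package<TAB>version" lines on stdin, print one verdict per line.
audit() {
    tab=$(printf '\t')
    while IFS="$tab" read -r pkg ver; do
        [ -n "$pkg" ] || continue
        echo "$pkg ${ver:--} $(status_of "$ver")"
    done
}

# audit_host: run the audit against the local dpkg database (Debian hosts only).
audit_host() {
    # $PKGS is intentionally unquoted so that it splits into package names.
    dpkg-query -W -f='${Package}\t${Version}\n' $PKGS 2>/dev/null | audit
}

# Constructed sample in the same shape as the dpkg-query output above.
printf 'perl\t5.8.8-7etch1\nperl-base\t5.8.8-7etch2\nperl-suid\t\n' | audit
```

On an etch host, call audit_host instead of the sample line. Any VULNERABLE row means the upgrade did not reach that package.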

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=test.pl;att=2;bug=454792