PCRE pcre_compile.c heap overflow vulnerability

2008-07-07T00:00:00
ID SSV:3564
Type seebug
Reporter Root
Modified 2008-07-07T00:00:00

Description

CVE(CAN) ID: CVE-2008-2371

The PCRE (Perl Compatible Regular Expressions) library is open-source software that provides regular expression support.

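When a pattern sets options at its start, PCRE avoids compiling them into the bytecode unnecessarily by passing them back to the caller as if they had been given as pcre_compile() options (that is, /(?i)a|b/ == /a|b/i). If the pattern contains multiple branches, the new options are accidentally passed back too far: only the first branch gets the new flags, whereas in the second compile pass the new flags are always set. This causes a mismatch between the size-calculation pass and the actual compile pass, which can trigger a heap overflow.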
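A simplified model of the two-pass mismatch described above, added here as an illustration and not taken from PCRE or the advisory. The names `size_pass` and `emit_pass` and the 1-byte/2-byte costs are assumptions of the model; the emit pass carries the bounds check that turns the mismatch into an error instead of a write past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not PCRE code: '|' or a plain literal costs 1 byte, a caseless one 2. */
static size_t cost(char c, int caseless) { return (c == '|' || !caseless) ? 1 : 2; }
/* Skip a leading "(?i)" and report whether it was present. */
static const char *skip_flag(const char *pat, int *caseless)
{
    *caseless = strncmp(pat, "(?i)", 4) == 0;
    return *caseless ? pat + 4 : pat;
}

/* Pass 1 (sizing). With fixed == 0 the flag reaches only the first branch,
   the behaviour the advisory describes for the size calculation. */
size_t size_pass(const char *pat, int fixed)
{
    int caseless;
    size_t n = 0;
    for (pat = skip_flag(pat, &caseless); *pat; pat++) {
        n += cost(*pat, caseless);
        if (*pat == '|' && !fixed) caseless = 0;   /* flag lost after branch 1 */
    }
    return n;
}

/* Pass 2 (emit): flag set for every branch. Returns bytes written, or
   (size_t)-1 when the output would not fit in cap (the added bounds check). */
size_t emit_pass(const char *pat, unsigned char *out, size_t cap)
{
    int caseless;
    size_t n = 0;
    for (pat = skip_flag(pat, &caseless); *pat; pat++) {
        size_t need = cost(*pat, caseless);
        if (need > cap - n) return (size_t)-1;     /* never write past out[cap-1] */
        out[n] = (unsigned char)*pat;
        if (need == 2) out[n + 1] = (unsigned char)(*pat ^ 0x20); /* other ASCII case */
        n += need;
    }
    return n;
}

int main(void)
{
    unsigned char buf[8];
    size_t sized = size_pass("(?i)a|b", 0);        /* the advisory's pattern */
    printf("sized %zu, emit %s\n", sized,
           emit_pass("(?i)a|b", buf, sized) == (size_t)-1 ? "refused" : "fit");
    return 0;
}
```

With the flag applied to every branch in both passes (`fixed` set to 1), the two passes agree and the emit pass fits exactly.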

PCRE 7.7 vendor patches:

Debian

Debian has issued a security advisory (DSA-1602-1) and corresponding patches for this issue: DSA-1602-1: New pcre3 packages fix arbitrary code execution. Link: http://www.debian.org/security/2008/dsa-1602

Patch downloads: see the DSA-1602-1 advisory linked above for the package files.


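Patch installation:

  1. Install the patch packages manually:

First, download the patch package with the following command:
# wget url (url is the patch download link)

Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch)

  2. Install the patch packages automatically with apt-get:

First, update the internal database with the following command:
# apt-get update

Then install the updated packages with the following command:
# apt-get upgrade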