安全研究
安全漏洞
PCRE pcre_compile.c文件堆溢出漏洞
发布日期:2008-06-29
更新日期:2008-07-07
受影响系统:
PCRE PCRE 7.7描述:
CVE(CAN) ID: CVE-2008-2371
PCRE(Perl兼容正则表达式)库是个开放源代码的软件,可提供正则表达式支持。
当PCRE在启动模式(pattern)指定选项的时候,为了防止将其不必要的编译到字节代码,会如pcre_compile()选项所指定的方式传送回调用程序(也就是/(?i)a|b/ == /a|b/i)。如果模式包含有多个分支的话,就会意外的将新选项回传的过远,仅有第一个分支获得了新的标记,而在第二次编译传送的时候会一直设置新的标记,导致大小计算传送和实际的编译传送之间出现不匹配,这可能触发堆溢出。
<*来源:Tavis Ormandy (taviso@gentoo.org)
链接:http://secunia.com/advisories/30916/
http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=228091
http://secunia.com/advisories/30944/
http://www.debian.org/security/2008/dsa-1602
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1602-1)以及相应补丁:
DSA-1602-1:New pcre3 packages fix arbitrary code execution
链接:http://www.debian.org/security/2008/dsa-1602
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc
Size/MD5 checksum: 888 9ef88cd7ab592b3799211018f8d20f63
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz
Size/MD5 checksum: 83574 2d9686b5b3a5480aa528bd89cdea12a6
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 21038 72545720bee988d70381cf56ac08ab3e
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 91302 039876d52014e88686119445734f6ec7
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 264154 19f60bc08e3f2a5d8ca305851f44ef55
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 209168 f19f07f81f4b9259c7b061faf7d9fc7c
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 89984 c92634b92f00d7f41991d58d3ad690bc
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 198552 2760ab9ccf2cdf8b7fec89e4068feba7
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 250032 68f3c4360bc41358bb97f546bcb0e3ce
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 20150 9bed90914b31ea7f11810c3b99d5b5c6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb
Size/MD5 checksum: 88966 41f8ee2780754174274009055c952079
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb
Size/MD5 checksum: 19920 f10b8d7a5c6366136813af67d0a8b7ff
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb
Size/MD5 checksum: 243970 8becd101006adf3dfca88607c07d3086
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb
Size/MD5 checksum: 198322 b2c55ac5d7a2be62c5b5e8cb6d0c48f2
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 92266 b9236279f24acead3acfed524d87d1bd
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 255722 f0a3084a3683ece8f0c10ffd937ef252
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 202446 5e552d19b502810cf640eb8c11776736
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 20726 aa317ebe8c30e18966b3786acc1398b9
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb
Size/MD5 checksum: 89862 60a49383c76120d08e4d300564b659db
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb
Size/MD5 checksum: 246934 b20ff56ba4289860f1d09a75abfa3505
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb
Size/MD5 checksum: 19348 dcded2ff2a56d461e522ac11647ab4f2
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb
Size/MD5 checksum: 196894 30a9803ec2c737702228c88b121d1544
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 230688 264ad5d5665e602b2f692b899fd0a5e9
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 25658 538af9aabca0427844e955f028c050e4
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 280674 e4d8e19abeed7202102e94597c4798e8
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 93858 c6cf88e6acf726bd4179658e0f2bbe9e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb
Size/MD5 checksum: 198430 ac574108ba4f6ae4b70179b7d6b5d7c9
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb
Size/MD5 checksum: 253526 77b402e25c797abf1f7557e106326667
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb
Size/MD5 checksum: 90538 e1671c5b76cca0256a8d41b8f9e419e3
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb
Size/MD5 checksum: 20424 766ce624fa24e42d04b53511e1cbed21
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb
Size/MD5 checksum: 90520 2dc1625becce40f479e50fdcf075571b
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb
Size/MD5 checksum: 252396 52692425252b9c4263fb2899918d0966
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb
Size/MD5 checksum: 197616 f228905aa01a3ae35801dc9b9b12c0ef
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb
Size/MD5 checksum: 20454 e991967c20b95fe40b0f45acd9eafa1d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb
Size/MD5 checksum: 197676 2debc2e40a4b17f562f82e5304ce8f4a
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb
Size/MD5 checksum: 253048 e442f8398410b41db288e77c36b4cd5f
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb
Size/MD5 checksum: 92152 bd22696efa2ad001a602c73d614f046c
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb
Size/MD5 checksum: 21270 88d9a6a11ccb43ad9d7e2f6418875619
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb
Size/MD5 checksum: 200044 6476b48137e32a76c3c85b09a901c0bc
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb
Size/MD5 checksum: 90586 de5f46464693e513d4045c0e037585ab
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb
Size/MD5 checksum: 20108 cdd1618521e5e64d04e5e26a49803b4f
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb
Size/MD5 checksum: 248498 4de3715c9a55f4aa0ba33fcde49ee7cd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb
Size/MD5 checksum: 197656 06f3298311fba7fb8bb4a072372c79b4
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb
Size/MD5 checksum: 19420 a4c54f7f457816b8e1f087055e959e23
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb
Size/MD5 checksum: 247278 7c41012b79be5869fcf03f6c71be98b0
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb
Size/MD5 checksum: 88798 5905a7ee0d9a17c564ef929655fd8cd7
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
浏览次数:3524
严重程度:0(网友投票)
绿盟科技给您安全的保障