GLSA-200711-30 : PCRE: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200711-30
(PCRE: Multiple vulnerabilities)

Tavis Ormandy (Google Security) discovered multiple vulnerabilities in
PCRE. He reported an error when processing '\\Q\\E' sequences with
unmatched '\\E' codes that can lead to the compiled bytecode being
corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for
unspecified 'multiple forms of character class', which triggers a
buffer overflow (CVE-2007-1660). Further improper calculations of
memory boundaries were reported when matching certain input bytes
against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
searching for unmatched brackets or parentheses (CVE-2007-1662).
Multiple integer overflows when processing escape sequences may lead to
invalid memory read operations or potentially cause heap-based buffer
overflows (CVE-2007-4766). PCRE does not properly handle '\\P' and
'\\P{x}' sequences which can lead to heap-based buffer overflows or
trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
prone to an error when optimizing character classes containing a
singleton UTF-8 sequence which might lead to a heap-based buffer
overflow (CVE-2007-4768).
Chris Evans also reported multiple integer overflow vulnerabilities in
PCRE when processing a large number of named subpatterns ('name_count')
or long subpattern names ('max_name_size') (CVE-2006-7227), and via
large 'min', 'max', or 'duplength' values (CVE-2006-7228) both possibly
leading to buffer overflows. Another vulnerability was reported when
compiling patterns where the '-x' or '-i' UTF-8 options change within
the pattern, which might lead to improper memory calculations
(CVE-2006-7230).

Impact :

An attacker could exploit these vulnerabilities by sending specially
crafted regular expressions to applications making use of the PCRE
library, which could possibly lead to the execution of arbitrary code,
a Denial of Service or the disclosure of sensitive information.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml

Solution :

All PCRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/libpcre-7.3-r1'

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 28319 (gentoo_GLSA-200711-30.nasl)

Bugtraq ID:

CVE ID: CVE-2006-7227
CVE-2006-7228
CVE-2006-7230
CVE-2007-1659
CVE-2007-1660
CVE-2007-1661
CVE-2007-1662
CVE-2007-4766
CVE-2007-4767
CVE-2007-4768