CVE-2005-2491

HIGH

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

http://docs.info.apple.com/article.html?artnum=302847

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://marc.info/?l=bugtraq&m=112606064317223&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://secunia.com/advisories/16502

http://secunia.com/advisories/16679

http://secunia.com/advisories/17252

http://secunia.com/advisories/17813

http://secunia.com/advisories/19072

http://secunia.com/advisories/19193

http://secunia.com/advisories/19532

http://secunia.com/advisories/21522

http://secunia.com/advisories/22691

http://secunia.com/advisories/22875

http://securityreason.com/securityalert/604

http://securitytracker.com/id?1014744

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

http://www.debian.org/security/2005/dsa-800

http://www.debian.org/security/2005/dsa-817

http://www.debian.org/security/2005/dsa-819

http://www.debian.org/security/2005/dsa-821

http://www.ethereal.com/appnotes/enpa-sa-00021.html

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

http://www.novell.com/linux/security/advisories/2005_48_pcre.html

http://www.novell.com/linux/security/advisories/2005_49_php.html

http://www.novell.com/linux/security/advisories/2005_52_apache2.html

http://www.php.net/release_4_4_1.php

http://www.redhat.com/support/errata/RHSA-2005-358.html

http://www.redhat.com/support/errata/RHSA-2005-761.html

http://www.redhat.com/support/errata/RHSA-2006-0197.html

http://www.securityfocus.com/archive/1/427046/100/0/threaded

http://www.securityfocus.com/archive/1/428138/100/0/threaded

http://www.securityfocus.com/bid/14620

http://www.securityfocus.com/bid/15647

http://www.vupen.com/english/advisories/2005/1511

http://www.vupen.com/english/advisories/2005/2659

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2006/4320

http://www.vupen.com/english/advisories/2006/4502

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

Details

Source: MITRE

Published: 2005-08-23

Updated: 2018-10-19

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
41173SuSE9 Security Update : Python (YOU Patch Number 12013)NessusSuSE Local Security Checks
high
31656Apache < 2.0.55 Multiple VulnerabilitiesNessusWeb Servers
high
21927CentOS 4 : exim (CESA-2005:358)NessusCentOS Local Security Checks
high
21890CentOS 3 / 4 : python (CESA-2006:0197)NessusCentOS Local Security Checks
high
21854CentOS 3 / 4 : pcre (CESA-2005:761)NessusCentOS Local Security Checks
high
21502FreeBSD : pcre -- regular expression buffer overflow (b971d2a6-1670-11da-978e-0001020eed82)NessusFreeBSD Local Security Checks
high
21108HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)NessusHP-UX Local Security Checks
high
21107HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)NessusHP-UX Local Security Checks
high
21042RHEL 2.1 / 3 / 4 : python (RHSA-2006:0197)NessusRed Hat Local Security Checks
high
20583Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)NessusUbuntu Local Security Checks
high
20581Ubuntu 4.10 / 5.04 : pcre3, apache2 vulnerabilities (USN-173-2)NessusUbuntu Local Security Checks
high
20580Ubuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1)NessusUbuntu Local Security Checks
high
20445Mandrake Linux Security Advisory : php (MDKSA-2005:213)NessusMandriva Local Security Checks
high
3308Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Nessus Network MonitorOperating System Detection
medium
20249Mac OS X Multiple Vulnerabilities (Security Update 2005-009)NessusMacOS X Local Security Checks
high
20111PHP < 4.4.1 / 5.0.6 Multiple VulnerabilitiesNessusCGI abuses
high
19911Mandrake Linux Security Advisory : apache2 (MDKSA-2005:155)NessusMandriva Local Security Checks
high
19910Mandrake Linux Security Advisory : python (MDKSA-2005:154)NessusMandriva Local Security Checks
high
19909Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)NessusMandriva Local Security Checks
high
19908Mandrake Linux Security Advisory : php (MDKSA-2005:152)NessusMandriva Local Security Checks
high
19907Mandrake Linux Security Advisory : pcre (MDKSA-2005:151)NessusMandriva Local Security Checks
high
19863Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)NessusSlackware Local Security Checks
high
19859Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-242-02)NessusSlackware Local Security Checks
high
19858Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PCRE library (SSA:2005-242-01)NessusSlackware Local Security Checks
high
19818GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC librariesNessusGentoo Local Security Checks
high
19811GLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
19790Debian DSA-821-1 : python2.3 - integer overflowNessusDebian Local Security Checks
high
19788Debian DSA-819-1 : python2.1 - integer overflowNessusDebian Local Security Checks
high
19786Debian DSA-817-1 : python2.2 - integer overflowNessusDebian Local Security Checks
high
19687GLSA-200509-08 : Python: Heap overflow in the included PCRE libraryNessusGentoo Local Security Checks
high
19675RHEL 2.1 / 3 / 4 : pcre (RHSA-2005:761)NessusRed Hat Local Security Checks
high
19672RHEL 4 : exim (RHSA-2005:358)NessusRed Hat Local Security Checks
high
19577GLSA-200509-02 : Gnumeric: Heap overflow in the included PCRE libraryNessusGentoo Local Security Checks
high
19570Debian DSA-800-1 : pcre3 - integer overflowNessusDebian Local Security Checks
high
19537GLSA-200508-17 : libpcre: Heap integer overflowNessusGentoo Local Security Checks
high
3112Apache < 2.0.55 HTTP Smuggling VulnerabilityNessus Network MonitorWeb Servers
medium
3042Apache HTTP Request Parsing HTML Injection Nessus Network MonitorWeb Servers
high
800798Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Log Correlation EngineOperating System Detection
high
800576Apache HTTP Request Parsing HTML Injection Log Correlation EngineWeb Servers
high
800556Apache < 2.0.55 HTTP Smuggling VulnerabilityLog Correlation EngineWeb Servers
high