GLSA-200711-30 : PCRE: Multiple vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200711-30
(PCRE: Multiple vulnerabilities)

Tavis Ormandy (Google Security) discovered multiple vulnerabilities in
PCRE. He reported an error when processing '\\Q\\E' sequences with
unmatched '\\E' codes that can lead to the compiled bytecode being
corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for
unspecified 'multiple forms of character class', which triggers a
buffer overflow (CVE-2007-1660). Further improper calculations of
memory boundaries were reported when matching certain input bytes
against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
searching for unmatched brackets or parentheses (CVE-2007-1662).
Multiple integer overflows when processing escape sequences may lead to
invalid memory read operations or potentially cause heap-based buffer
overflows (CVE-2007-4766). PCRE does not properly handle '\\P' and
'\\P{x}' sequences which can lead to heap-based buffer overflows or
trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
prone to an error when optimizing character classes containing a
singleton UTF-8 sequence which might lead to a heap-based buffer
overflow (CVE-2007-4768).
Chris Evans also reported multiple integer overflow vulnerabilities in
PCRE when processing a large number of named subpatterns ('name_count')
or long subpattern names ('max_name_size') (CVE-2006-7227), and via
large 'min', 'max', or 'duplength' values (CVE-2006-7228) both possibly
leading to buffer overflows. Another vulnerability was reported when
compiling patterns where the '-x' or '-i' UTF-8 options change within
the pattern, which might lead to improper memory calculations

Impact :

An attacker could exploit these vulnerabilities by sending specially
crafted regular expressions to applications making use of the PCRE
library, which could possibly lead to the execution of arbitrary code,
a Denial of Service or the disclosure of sensitive information.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All PCRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/libpcre-7.3-r1'

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : false

Family: Gentoo Local Security Checks

Nessus Plugin ID: 28319 (gentoo_GLSA-200711-30.nasl)

Bugtraq ID:

CVE ID: CVE-2006-7227

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now