Vulnerabilities > CVE-2008-0674 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1499. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31143);
  script_version("1.27");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2008-0674");
  script_xref(name:"DSA", value:"1499");

  script_name(english:"Debian DSA-1499-1 : pcre3 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that specially crafted regular expressions involving
codepoints greater than 255 could cause a buffer overflow in the PCRE
library (CVE-2008-0674 )."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0674"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1499"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the pcre3 package.

For the old stable distribution (sarge), this problem has been fixed
in version 4.5+7.4-2.

For the stable distribution (etch), this problem has been fixed in
version 6.7+7.4-3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pcre3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"libpcre3", reference:"4.5+7.4-2")) flag++;
if (deb_check(release:"3.1", prefix:"libpcre3-dev", reference:"4.5+7.4-2")) flag++;
if (deb_check(release:"3.1", prefix:"pcregrep", reference:"4.5+7.4-2")) flag++;
if (deb_check(release:"3.1", prefix:"pgrep", reference:"4.5+7.4-2")) flag++;
if (deb_check(release:"4.0", prefix:"libpcre3", reference:"6.7+7.4-3")) flag++;
if (deb_check(release:"4.0", prefix:"libpcre3-dev", reference:"6.7+7.4-3")) flag++;
if (deb_check(release:"4.0", prefix:"libpcrecpp0", reference:"6.7+7.4-3")) flag++;
if (deb_check(release:"4.0", prefix:"pcregrep", reference:"6.7+7.4-3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#


if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);



include("compat.inc");

if (description)
{
  script_id(33790);
  script_version("1.25");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id(
    "CVE-2007-4850", 
    "CVE-2007-5135", 
    "CVE-2007-6199", 
    "CVE-2007-6200", 
    "CVE-2008-0599",
    "CVE-2008-0674", 
    "CVE-2008-1447", 
    "CVE-2008-2050", 
    "CVE-2008-2051", 
    "CVE-2008-2320",
    "CVE-2008-2321", 
    "CVE-2008-2322", 
    "CVE-2008-2323", 
    "CVE-2008-2324", 
    "CVE-2008-2325",
    "CVE-2008-2830", 
    "CVE-2008-2952"
  );
  script_bugtraq_id(
    25831, 
    26638, 
    26639, 
    27413, 
    27786, 
    29009, 
    29831, 
    30013, 
    30131, 
    30487,
    30488, 
    30489, 
    30490, 
    30492, 
    30493
  );
  script_xref(name:"Secunia", value:"31326");
  script_xref(name:"IAVA", value:"2008-A-0045");

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-005)");
  script_summary(english:"Check for the presence of Security Update 2008-005");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various
security issues." );
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 or 10.4 that
does not have the security update 2008-005 applied. 

This update contains security fixes for a number of programs." );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2647" );
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jul/msg00003.html" );
  script_set_attribute(attribute:"solution", value:
"Install Security Update 2008-005 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(16, 119, 189, 264, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/08/01");
  script_set_attribute(attribute:"patch_publication_date", value: "2008/07/31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}


uname = get_kb_item("Host/uname");
if (!uname) exit(0);

if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(0);

  if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[5-8]||2009-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
else if (egrep(pattern:"Darwin.* (9\.[0-4]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(0);

  if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.005\.bom", string:packages))
    security_hole(0);
}

#
# (C) Tenable Network Security, Inc.
#


if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if (description)
{
  script_id(40502);
  script_version("1.23");

  script_cve_id("CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235",
                "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726",
                "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191",
                "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194");
  script_bugtraq_id(27786, 28286, 33827, 34203, 35838, 36025);

  script_name(english:"Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute( attribute:"synopsis",  value:
"The remote host is missing a Mac OS X update that fixes various
security issues."  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is running a version of Mac OS X 10.5.x that is prior
to 10.5.8. 

Mac OS X 10.5.8 contains security fixes for the following products :

  - bzip2
  - CFNetwork
  - ColorSync
  - CoreTypes
  - Dock
  - Image RAW
  - ImageIO
  - Kernel
  - launchd
  - Login Window
  - MobileMe
  - Networking
  - XQuery"  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://support.apple.com/kb/HT3757"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade to Mac OS X 10.5.8 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 94, 119, 134, 189, 255, 264, 399);
  script_set_attribute(
    attribute:"vuln_publication_date", 
    value:"2009/08/05"
  );
  script_set_attribute(
    attribute:"patch_publication_date", 
    value:"2009/08/05"
  );
  script_set_attribute(
    attribute:"plugin_publication_date", 
    value:"2009/08/05"
  );
 script_cvs_date("Date: 2018/07/16 12:48:31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
 
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
 
  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");

 exit(0);
}


os = get_kb_item("Host/MacOSX/Version");
if (!os) os = get_kb_item("Host/OS");
if (!os) exit(1, "The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.");

if (ereg(pattern:"Mac OS X 10\.5\.[0-7]([^0-9]|$)", string:os)) security_hole(0);
else exit(0, "The host is not affected.");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-581-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31166);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2008-0674");
  script_bugtraq_id(27786);
  script_xref(name:"USN", value:"581-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : pcre3 vulnerability (USN-581-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences. In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or
automated system in processing a malicious regular expression leading
to a denial of service or possibly arbitrary code execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/581-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcrecpp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pcregrep");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pgrep");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.6.06.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.6.06.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.6.06.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.6.06.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"pgrep", pkgver:"7.4-0ubuntu0.6.06.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.6.10.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.6.10.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.6.10.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.6.10.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.7.04.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.7.04.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.7.04.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.7.04.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libpcre3", pkgver:"7.4-0ubuntu0.7.10.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libpcre3-dev", pkgver:"7.4-0ubuntu0.7.10.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libpcrecpp0", pkgver:"7.4-0ubuntu0.7.10.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"pcregrep", pkgver:"7.4-0ubuntu0.7.10.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre3 / libpcre3-dev / libpcrecpp0 / pcregrep / pgrep");
}