Vulnerabilities > CVE-2008-2371 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-628-1.NASL
    descriptionIt was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898) It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user
    last seen2020-06-01
    modified2020-06-02
    plugin id33575
    published2008-07-24
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33575
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-210-09.NASL
    descriptionNew pcre packages are available for Slackware 12.0, 12.1, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id33754
    published2008-07-29
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33754
    titleSlackware 12.0 / 12.1 / current : pcre (SSA:2008-210-09)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6025.NASL
    descriptionThis update fixes a heap-based overflow caused by incorrect option handling in pcre (CVE-2008-2371) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33406
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33406
    titleFedora 8 : glib2-2.14.6-2.fc8 (2008-6025)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-624-2.NASL
    descriptionUSN-624-1 fixed a vulnerability in PCRE. This update provides the corresponding update for Erlang. Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id45473
    published2010-04-09
    reporterUbuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45473
    titleUbuntu 9.10 : erlang vulnerability (USN-624-2)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200811-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities) Several vulnerabilitites were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674). Multiple crash issues in several PHP functions have been discovered. Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599). An off-by-one error in the metaphone() function may lead to memory corruption. Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384). Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050). Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051). Stefan Esser reported that a short-coming in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id34787
    published2008-11-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34787
    titleGLSA-200811-05 : PHP: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen2020-06-01
    modified2020-06-02
    plugin id34374
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34374
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6110.NASL
    description - Fri Jul 4 2008 Tomas Hoger <thoger at redhat.com> - 7.3-4 - Apply Tavis Ormandy
    last seen2020-06-01
    modified2020-06-02
    plugin id33414
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33414
    titleFedora 9 : pcre-7.3-4.fc9 (2008-6110)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_PCRE-080623.NASL
    descriptionSpecially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2008-2371).
    last seen2020-06-01
    modified2020-06-02
    plugin id40101
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40101
    titleopenSUSE Security Update : pcre (pcre-54)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6048.NASL
    description><i>From the release announcement: * Update to PCRE 7.7 - fix a heap-based </I>buffer overflow in PCRE (CVE-2008-2371) * Bug fixes: 528752 Win32 build and SSL not working 539074 Cannot get exit status with g_spawn_command_line_sync() 316221 G_LOCK warns about breaking strict-aliasing rules 519137 g_slice_dup macro needs cast for 64-bit platform 536158 also bump GHashTable version when a node is removed via g_hash_table_iter_remove()/g_hash_table_iter_steal() 529321 make check fails in glib/pcre 314453 Nautilus crashes in Solaris when browsing the attached file 502511 g_assert_cmphex prints invalid message 538119 glib
    last seen2020-06-01
    modified2020-06-02
    plugin id33411
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33411
    titleFedora 9 : glib2-2.16.4-1.fc9 (2008-6048)
  • NASL familyCGI abuses
    NASL idPHP_5_2_7.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities : - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack. (CVE-2008-2371) - Multiple directory traversal vulnerabilities exist in functions such as
    last seen2020-06-01
    modified2020-06-02
    plugin id35043
    published2008-12-05
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35043
    titlePHP 5 < 5.2.7 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200807-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200807-03 (PCRE: Buffer overflow) Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing
    last seen2020-06-01
    modified2020-06-02
    plugin id33460
    published2008-07-10
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33460
    titleGLSA-200807-03 : PCRE: Buffer overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-147.NASL
    descriptionTavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service (CVE-2008-2371). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36245
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36245
    titleMandriva Linux Security Advisory : pcre (MDVSA-2008:147)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6111.NASL
    description - Fri Jul 4 2008 Tomas Hoger <thoger at redhat.com> - 7.3-4 - Apply Tavis Ormandy
    last seen2020-06-01
    modified2020-06-02
    plugin id33415
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33415
    titleFedora 8 : pcre-7.3-4.fc8 (2008-6111)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1602.NASL
    descriptionTavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id33403
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33403
    titleDebian DSA-1602-1 : pcre3 - buffer overflow
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_27D01223C45711DDA7210030843D3802.NASL
    descriptionSecunia reports : Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. An input validation error exists within the
    last seen2020-06-01
    modified2020-06-02
    plugin id35051
    published2008-12-08
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35051
    titleFreeBSD : php -- multiple vulnerabilities (27d01223-c457-11dd-a721-0030843d3802)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_7.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id38744
    published2009-05-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38744
    titleMac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-624-1.NASL
    descriptionTavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33504
    published2008-07-15
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33504
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : pcre3 vulnerability (USN-624-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PCRE-5366.NASL
    descriptionSpecially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2008-2371).
    last seen2020-06-01
    modified2020-06-02
    plugin id33433
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33433
    titleopenSUSE 10 Security Update : pcre (pcre-5366)

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 30087 CVE ID:CVE-2008-2371 CNCVE ID:CNCVE-20082371 PCRE(Perl兼容正则表达式)库是一款开放源代码的软件,可提供正则表达式支持。 PCRE pcre_compile.c文件存在堆溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 当PCRE在启动模式下指定选项时,为了避免将其不需要编译到字节代码,如通过pcre_compile()选项指定的方式传送回调用程序(如/(?i)a|b/ == /a|b/i),程序会正常处理,但是模式包含多个分支的情况下,新选项会意外的回传过远,因此当多有多个分支时,只有第一个分支获得新的标记,而在第二次编译时新标记会一直设置,导致大小计算传送和实际的编译传送之间出现不匹配,可触发堆溢出。 RedHat Fedora 9 0 RedHat Fedora 8 0 PCRE PCRE 7.7 GNOME glib 2.16.3 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 可参考如下安全公告获得补丁信息: <a href=http://sourceforge.net/projects/pcre/ target=_blank>http://sourceforge.net/projects/pcre/</a>
    idSSV:3568
    last seen2017-11-19
    modified2008-07-08
    published2008-07-08
    reporterRoot
    titlePCRE 规则表达式堆缓冲区溢出漏洞
  • bulletinFamilyexploit
    descriptionCVE(CAN) ID: CVE-2008-2371 PCRE(Perl兼容正则表达式)库是个开放源代码的软件,可提供正则表达式支持。 当PCRE在启动模式(pattern)指定选项的时候,为了防止将其不必要的编译到字节代码,会如pcre_compile()选项所指定的方式传送回调用程序(也就是/(?i)a|b/ == /a|b/i)。如果模式包含有多个分支的话,就会意外的将新选项回传的过远,仅有第一个分支获得了新的标记,而在第二次编译传送的时候会一直设置新的标记,导致大小计算传送和实际的编译传送之间出现不匹配,这可能触发堆溢出。 PCRE 7.7 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1602-1)以及相应补丁: DSA-1602-1:New pcre3 packages fix arbitrary code execution 链接:<a href=http://www.debian.org/security/2008/dsa-1602 target=_blank>http://www.debian.org/security/2008/dsa-1602</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc</a> Size/MD5 checksum: 888 9ef88cd7ab592b3799211018f8d20f63 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz</a> Size/MD5 checksum: 83574 2d9686b5b3a5480aa528bd89cdea12a6 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz</a> Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 21038 72545720bee988d70381cf56ac08ab3e <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 91302 039876d52014e88686119445734f6ec7 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 264154 19f60bc08e3f2a5d8ca305851f44ef55 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 209168 f19f07f81f4b9259c7b061faf7d9fc7c amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 89984 c92634b92f00d7f41991d58d3ad690bc <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 198552 2760ab9ccf2cdf8b7fec89e4068feba7 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 250032 68f3c4360bc41358bb97f546bcb0e3ce <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 20150 9bed90914b31ea7f11810c3b99d5b5c6 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 88966 41f8ee2780754174274009055c952079 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 19920 f10b8d7a5c6366136813af67d0a8b7ff <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 243970 8becd101006adf3dfca88607c07d3086 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 198322 b2c55ac5d7a2be62c5b5e8cb6d0c48f2 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 92266 b9236279f24acead3acfed524d87d1bd <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 255722 f0a3084a3683ece8f0c10ffd937ef252 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 202446 5e552d19b502810cf640eb8c11776736 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 20726 aa317ebe8c30e18966b3786acc1398b9 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 89862 60a49383c76120d08e4d300564b659db <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 246934 b20ff56ba4289860f1d09a75abfa3505 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 19348 dcded2ff2a56d461e522ac11647ab4f2 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 196894 30a9803ec2c737702228c88b121d1544 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 230688 264ad5d5665e602b2f692b899fd0a5e9 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 25658 538af9aabca0427844e955f028c050e4 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 280674 e4d8e19abeed7202102e94597c4798e8 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 93858 c6cf88e6acf726bd4179658e0f2bbe9e mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 198430 ac574108ba4f6ae4b70179b7d6b5d7c9 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 253526 77b402e25c797abf1f7557e106326667 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 90538 e1671c5b76cca0256a8d41b8f9e419e3 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 20424 766ce624fa24e42d04b53511e1cbed21 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 90520 2dc1625becce40f479e50fdcf075571b <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 252396 52692425252b9c4263fb2899918d0966 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 197616 f228905aa01a3ae35801dc9b9b12c0ef <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 20454 e991967c20b95fe40b0f45acd9eafa1d powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 197676 2debc2e40a4b17f562f82e5304ce8f4a <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 253048 e442f8398410b41db288e77c36b4cd5f <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 92152 bd22696efa2ad001a602c73d614f046c <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 21270 88d9a6a11ccb43ad9d7e2f6418875619 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 200044 6476b48137e32a76c3c85b09a901c0bc <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 90586 de5f46464693e513d4045c0e037585ab <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 20108 cdd1618521e5e64d04e5e26a49803b4f <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 248498 4de3715c9a55f4aa0ba33fcde49ee7cd sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 197656 06f3298311fba7fb8bb4a072372c79b4 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 19420 a4c54f7f457816b8e1f087055e959e23 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 247278 7c41012b79be5869fcf03f6c71be98b0 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 88798 5905a7ee0d9a17c564ef929655fd8cd7 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade
    idSSV:3564
    last seen2017-11-19
    modified2008-07-07
    published2008-07-07
    reporterRoot
    titlePCRE pcre_compile.c文件堆溢出漏洞

Statements

contributorMark J Cox
lastmodified2008-07-08
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References