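Perl Unicode Regular Expression Heap Overflow Vulnerability

Center ID: NIPC-2007-3611
CVE ID: CVE-2007-5116

Severity: Critical

Published: 2007-11-07

Updated: 2007-11-08

Attack vector: Remote

Impact: Administrator access, unauthorized information disclosure, denial of service

Description: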


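Perl is a free and powerful programming language.

Perl's regular expression engine contains an error in how it calculates the space required to process a regular expression. A local attacker may exploit this vulnerability to escalate privileges.

If a regular expression supplied by the user contains Unicode data, the runtime automatically switches to the Unicode character scheme, and an expression passed in afterwards may then trigger a heap overflow, leading to arbitrary code execution on the user's machine.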
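The sizing error described above can be modelled in a few lines of C, showing the size-once flow next to a flow that re-sizes after the mode switch. This is an added, simplified illustration, not Perl's own code and not part of the advisory. The `U` marker byte that switches the toy compiler into Unicode mode, the one-byte/two-byte cost rule, the sample pattern and all function names are assumptions; the emit pass is bounds-checked, so the mismatch is reported instead of written past the allocation.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed sample pattern: two high bytes, the mode switch, one more. */
static const unsigned char SAMPLE[] = { 0xE9, 0xE9, 'U', 0xE9 };

/* One pass over the pattern. out == NULL: count bytes only (sizing pass).
 * Otherwise emit into out, returning -1 rather than writing past cap.
 * Toy rule (assumption): bytes >= 0x80 take 2 output bytes in Unicode mode. */
static long pass(const unsigned char *pat, size_t n, int *unicode,
                 unsigned char *out, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (pat[i] == 'U') { *unicode = 1; continue; }   /* mode switch */
        size_t need = (*unicode && pat[i] >= 0x80) ? 2 : 1;
        if (out) {
            if (used + need > cap) return -1;  /* unchecked emit overflows here */
            if (need == 2) {                   /* two-byte UTF-8 form */
                out[used]     = (unsigned char)(0xC0 | (pat[i] >> 6));
                out[used + 1] = (unsigned char)(0x80 | (pat[i] & 0x3F));
            } else out[used] = pat[i];
        }
        used += need;
    }
    return (long)used;
}

/* restart_on_switch == 0: size once, emit in whatever mode sizing ended in.
 * restart_on_switch == 1: if sizing switched mode, size again in that mode. */
long compile(const unsigned char *pat, size_t n, int restart_on_switch)
{
    int unicode = 0;
    long size = pass(pat, n, &unicode, NULL, 0);
    if (restart_on_switch && unicode)
        size = pass(pat, n, &unicode, NULL, 0);
    unsigned char *buf = malloc(size > 0 ? (size_t)size : 1);
    if (!buf) return -2;
    long written = pass(pat, n, &unicode, buf, (size_t)size);
    free(buf);
    return written;
}

int main(void)
{
    printf("size once: %ld\n", compile(SAMPLE, sizeof SAMPLE, 0));
    printf("re-size:   %ld\n", compile(SAMPLE, sizeof SAMPLE, 1));
    return 0;
}
```

With the constructed sample, the size-once flow allocates 4 bytes but the emit pass needs 6, so it returns -1; the re-sizing flow allocates and writes 6.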

Affected systems and software:


Larry Wall, Perl, 5.8.0
Larry Wall, Perl, 5.8.1
Larry Wall, Perl, 5.8.3
Larry Wall, Perl, 5.8.4
Larry Wall, Perl, 5.8.4.1
Larry Wall, Perl, 5.8.4.2
Larry Wall, Perl, 5.8.4.2.3
Larry Wall, Perl, 5.8.4.3
Larry Wall, Perl, 5.8.4.4
Larry Wall, Perl, 5.8.4.5
Larry Wall, Perl, 5.8.6
OpenPKG, OpenPKG, Current
MandrakeSoft, Multi Network Firewall, 2.0
Red Hat, Enterprise_linux_application_stack, 1.0
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1, IA64
– Running on Debian, Debian Linux, 3.1
– Running on Debian, Debian Linux, 4.0
– Running on Debian, Debian Linux, 4.0, Sparc
– Running on Debian, Debian Linux, 4.0, S390
– Running on Debian, Debian Linux, 4.0, Powerpc
– Running on Debian, Debian Linux, 4.0, Mipsel
– Running on Debian, Debian Linux, 4.0, Mips
– Running on Debian, Debian Linux, 4.0, M68k
– Running on Debian, Debian Linux, 4.0, Ia-64
– Running on Debian, Debian Linux, 4.0, Ia-32
– Running on Debian, Debian Linux, 4.0, Hppa
– Running on Debian, Debian Linux, 4.0, Arm
– Running on Debian, Debian Linux, 4.0, Amd64
– Running on Debian, Debian Linux, 4.0, Alpha
– Running on MandrakeSoft, Mandrake Linux, 2007.0
– Running on MandrakeSoft, Mandrake Linux, 2007.0, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2007.1
– Running on MandrakeSoft, Mandrake Linux, 2007.1, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2008.0
– Running on MandrakeSoft, Mandrake Linux, 2008.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0, X86_64
– Running on RPath, RPath Linux, 1
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Client
– Running on Red Hat, Enterprise Linux AS, 3.0
– Running on Red Hat, Enterprise Linux AS, 4.0
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Server
– Running on Red Hat, Enterprise Linux ES, 3.0
– Running on Red Hat, Enterprise Linux ES, 4.0
– Running on Red Hat, Enterprise Linux WS, 3.0
– Running on Red Hat, Enterprise Linux WS, 4.0
– Running on Red Hat, Desktop, 3.0
– Running on Red Hat, Desktop, 4.0

Reference 1:


https://bugzilla.redhat.com/show_bug.cgi?id=323571

Reference 2:


http://www.securityfocus.com/bid/26350

Reference 3:


http://www.redhat.com/support/errata/RHSA-2007-1011.html

Acknowledgments:


This vulnerability was discovered by Tavis Ormandy and Will Drewry.