Perl is a free and powerful programming language.

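Perl's regular expression engine contains an error in the way it calculates the space needed to process a regular expression. A local attacker could exploit this vulnerability to escalate privileges.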

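If a regular expression supplied by the user contains Unicode data, the runtime automatically switches to the Unicode character scheme. An expression passed in afterwards can then trigger a heap overflow, leading to execution of arbitrary instructions on the user's machine.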
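The sizing error described above, as a simplified model added here for illustration (not Perl's source and not part of the original advisory): the sizing pass counts earlier literals in byte mode, the emit pass writes everything in Unicode mode, and a bounds check stands in for the heap overflow. The cost rules, function names and sample patterns are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (assumption, not Perl's source): a literal costs 1 byte in
   byte mode; in Unicode mode a code point >= 0x80 costs 2 bytes (UTF-8 below
   0x800). A code point above 0xFF forces the switch to Unicode mode. */
static size_t cost(unsigned cp, int unicode) { return (unicode && cp >= 0x80) ? 2 : 1; }

/* Constructed sample patterns, given as code points. */
const unsigned SAMPLE_MIXED[2] = {0xE9, 0x100};   /* narrow literal, then a wide one */
const unsigned SAMPLE_ASCII[2] = {'a', 'b'};

/* Sizing pass. Flawed form: switches mode mid-pass and keeps the bytes already
   counted in byte mode. Fixed form: recounts everything once the mode changes. */
size_t size_pass(const unsigned *pat, size_t n, int fixed, int *unicode) {
    size_t total = 0, i;
    *unicode = 0;
    for (i = 0; i < n; i++) {
        if (pat[i] > 0xFF) *unicode = 1;
        total += cost(pat[i], *unicode);
    }
    if (fixed && *unicode)
        for (total = 0, i = 0; i < n; i++) total += cost(pat[i], 1);
    return total;
}

/* Emit pass: runs entirely in the final mode. The bounds check replaces the
   out-of-bounds heap write; returns bytes written, or -1 if cap is too small. */
long emit_pass(const unsigned *pat, size_t n, int unicode, unsigned char *buf, size_t cap) {
    size_t used = 0, i;
    for (i = 0; i < n; i++) {
        size_t c = cost(pat[i], unicode);
        if (used + c > cap) return -1;
        if (c == 2) buf[used++] = (unsigned char)(0xC0 | (pat[i] >> 6));
        buf[used++] = (unsigned char)(c == 2 ? (0x80 | (pat[i] & 0x3F)) : pat[i]);
    }
    return (long)used;
}

long compile(const unsigned *pat, size_t n, int fixed) {
    int unicode;
    size_t cap = size_pass(pat, n, fixed, &unicode);
    unsigned char *buf = malloc(cap ? cap : 1);
    long written = buf ? emit_pass(pat, n, unicode, buf, cap) : -2;
    free(buf);
    return written;
}

int main(void) {
    printf("flawed=%ld fixed=%ld\n", compile(SAMPLE_MIXED, 2, 0), compile(SAMPLE_MIXED, 2, 1));
    return 0;
}
```

In the flawed form the mixed pattern is sized at 3 bytes but needs 4 when emitted, which is the kind of mismatch a two-pass compiler must rule out by recounting after any mode change.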

Affected systems and software:


Larry Wall, Perl, 5.8.0
Larry Wall, Perl, 5.8.1
Larry Wall, Perl, 5.8.3
Larry Wall, Perl, 5.8.4
Larry Wall, Perl, 5.8.4.1
Larry Wall, Perl, 5.8.4.2
Larry Wall, Perl, 5.8.4.2.3
Larry Wall, Perl, 5.8.4.3
Larry Wall, Perl, 5.8.4.4
Larry Wall, Perl, 5.8.4.5
Larry Wall, Perl, 5.8.6
OpenPKG, OpenPKG, Current
MandrakeSoft, Multi Network Firewall, 2.0
Red Hat, Enterprise_linux_application_stack, 1.0
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1, IA64
– Running on Debian, Debian Linux, 3.1
– Running on Debian, Debian Linux, 4.0
– Running on Debian, Debian Linux, 4.0, Sparc
– Running on Debian, Debian Linux, 4.0, S390
– Running on Debian, Debian Linux, 4.0, Powerpc
– Running on Debian, Debian Linux, 4.0, Mipsel
– Running on Debian, Debian Linux, 4.0, Mips
– Running on Debian, Debian Linux, 4.0, M68k
– Running on Debian, Debian Linux, 4.0, Ia-64
– Running on Debian, Debian Linux, 4.0, Ia-32
– Running on Debian, Debian Linux, 4.0, Hppa
– Running on Debian, Debian Linux, 4.0, Arm
– Running on Debian, Debian Linux, 4.0, Amd64
– Running on Debian, Debian Linux, 4.0, Alpha
– Running on MandrakeSoft, Mandrake Linux, 2007.0
– Running on MandrakeSoft, Mandrake Linux, 2007.0, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2007.1
– Running on MandrakeSoft, Mandrake Linux, 2007.1, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2008.0
– Running on MandrakeSoft, Mandrake Linux, 2008.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0, X86_64
– Running on RPath, RPath Linux, 1
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Client
– Running on Red Hat, Enterprise Linux AS, 3.0
– Running on Red Hat, Enterprise Linux AS, 4.0
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Server
– Running on Red Hat, Enterprise Linux ES, 3.0
– Running on Red Hat, Enterprise Linux ES, 4.0
– Running on Red Hat, Enterprise Linux WS, 3.0
– Running on Red Hat, Enterprise Linux WS, 4.0
– Running on Red Hat, Desktop, 3.0
– Running on Red Hat, Desktop, 4.0

Reference 1:


https://bugzilla.redhat.com/show_bug.cgi?id=323571

Reference 2:


http://www.securityfocus.com/bid/26350

Reference 3:


http://www.redhat.com/support/errata/RHSA-2007-1011.html

Credits:


This vulnerability was discovered by Tavis Ormandy and Will Drewry.
