Perl is a free and powerful programming language.
Perl's regular expression engine has a flaw in how it computes the amount of space needed to process a regular expression; a local attacker could exploit this vulnerability to escalate privileges.
If a regular expression supplied by a user contains Unicode data, the runtime automatically switches to Unicode character handling, and an expression supplied afterwards can then trigger a heap overflow, leading to execution of arbitrary instructions on the user's machine.
Affected systems and software:
Larry Wall, Perl, 5.8.0
Larry Wall, Perl, 5.8.1
Larry Wall, Perl, 5.8.3
Larry Wall, Perl, 5.8.4
Larry Wall, Perl, 5.8.4.1
Larry Wall, Perl, 5.8.4.2
Larry Wall, Perl, 5.8.4.2.3
Larry Wall, Perl, 5.8.4.3
Larry Wall, Perl, 5.8.4.4
Larry Wall, Perl, 5.8.4.5
Larry Wall, Perl, 5.8.6
OpenPKG, OpenPKG, Current
MandrakeSoft, Multi Network Firewall, 2.0
Red Hat, Enterprise_linux_application_stack, 1.0
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1
– Running on Red Hat, Advanced Workstation Itanium Processor, 2.1, IA64
– Running on Debian, Debian Linux, 3.1
– Running on Debian, Debian Linux, 4.0
– Running on Debian, Debian Linux, 4.0, Sparc
– Running on Debian, Debian Linux, 4.0, S390
– Running on Debian, Debian Linux, 4.0, Powerpc
– Running on Debian, Debian Linux, 4.0, Mipsel
– Running on Debian, Debian Linux, 4.0, Mips
– Running on Debian, Debian Linux, 4.0, M68k
– Running on Debian, Debian Linux, 4.0, Ia-64
– Running on Debian, Debian Linux, 4.0, Ia-32
– Running on Debian, Debian Linux, 4.0, Hppa
– Running on Debian, Debian Linux, 4.0, Arm
– Running on Debian, Debian Linux, 4.0, Amd64
– Running on Debian, Debian Linux, 4.0, Alpha
– Running on MandrakeSoft, Mandrake Linux, 2007.0
– Running on MandrakeSoft, Mandrake Linux, 2007.0, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2007.1
– Running on MandrakeSoft, Mandrake Linux, 2007.1, X86_64
– Running on MandrakeSoft, Mandrake Linux, 2008.0
– Running on MandrakeSoft, Mandrake Linux, 2008.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0
– Running on MandrakeSoft, Mandrake Corporate Server, 3.0, X86_64
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0
– Running on MandrakeSoft, Mandrake Corporate Server, 4.0, X86_64
– Running on RPath, RPath Linux, 1
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Client
– Running on Red Hat, Enterprise Linux AS, 3.0
– Running on Red Hat, Enterprise Linux AS, 4.0
– Running on Red Hat, Enterprise Linux Desktop, 5.0, Server
– Running on Red Hat, Enterprise Linux ES, 3.0
– Running on Red Hat, Enterprise Linux ES, 4.0
– Running on Red Hat, Enterprise Linux WS, 3.0
– Running on Red Hat, Enterprise Linux WS, 4.0
– Running on Red Hat, Desktop, 3.0
– Running on Red Hat, Desktop, 4.0
Reference 1:
https://bugzilla.redhat.com/show_bug.cgi?id=323571
Reference 2:
http://www.securityfocus.com/bid/26350
Reference 3:
http://www.redhat.com/support/errata/RHSA-2007-1011.html
Credits:
This vulnerability was discovered by Tavis Ormandy and Will Drewry.