FrSIRT - Mandriva Security Update Fixes PCRE Buffer Overflow Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes PCRE Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes PCRE Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2008-0692
CVE ID : CVE-2008-0674
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-02-28

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrry code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
f66cc76a64404759931c4a0e294285af 2007.1/i586/libpcre-devel-7.3-0.2mdv2007.1.i586.rpm
398634df4d9ef850e77b2e991d1981e7 2007.1/i586/libpcre0-7.3-0.2mdv2007.1.i586.rpm
59783fe07357f1d771c6b953c66c4883 2007.1/i586/pcre-7.3-0.2mdv2007.1.i586.rpm
bf690b6edb91404e0ab6314358c5c795 2007.1/SRPMS/pcre-7.3-0.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
de300c16c0ad2e5612991b680cd6cbed 2007.1/x86_64/lib64pcre-devel-7.3-0.2mdv2007.1.x86_64.rpm
dc97024fe03b3d1db03a50ed30caa1ba 2007.1/x86_64/lib64pcre0-7.3-0.2mdv2007.1.x86_64.rpm
eb406aefe4ce4e0f322efbd769771c8d 2007.1/x86_64/pcre-7.3-0.2mdv2007.1.x86_64.rpm
bf690b6edb91404e0ab6314358c5c795 2007.1/SRPMS/pcre-7.3-0.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
c45b591e7bd61c071bd9772ca3b881f7 2008.0/i586/libpcre-devel-7.3-1.1mdv2008.0.i586.rpm
1b34584fc1838f807eb4ffd31a228a6f 2008.0/i586/libpcre0-7.3-1.1mdv2008.0.i586.rpm
838806a0530f03fd3b143cd9c2a34fd3 2008.0/i586/pcre-7.3-1.1mdv2008.0.i586.rpm
67bf25833985dac61be2fb0d91299de6 2008.0/SRPMS/pcre-7.3-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d61b41e60e184372cf472755754a8265 2008.0/x86_64/lib64pcre-devel-7.3-1.1mdv2008.0.x86_64.rpm
729b49bb38bccf3d7b29116d95671c34 2008.0/x86_64/lib64pcre0-7.3-1.1mdv2008.0.x86_64.rpm
13c9971881a782b19369f58761a21f7a 2008.0/x86_64/pcre-7.3-1.1mdv2008.0.x86_64.rpm
67bf25833985dac61be2fb0d91299de6 2008.0/SRPMS/pcre-7.3-1.1mdv2008.0.src.rpm

ChangeLog

2008-02-28 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues