FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1660

This CVE name corresponds to:

Entered: 2007-11-06
Topic: pcre -- arbitrary code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-1660
Phase: Assigned (20070324)

Description

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

References

Source Reference
BUGTRAQ 20071106 rPSA-2007-0231-1 pcre
BUGTRAQ 20071112 FLEA-2007-0064-1 pcre
BUGTRAQ 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
MLIST [gtk-devel-list] 20071107 GLib 2.14.3
MLIST [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
MISC http://bugs.gentoo.org/show_bug.cgi?id=198976
CONFIRM https://issues.rpath.com/browse/RPL-1738
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=315881
APPLE APPLE-SA-2007-12-17
APPLE APPLE-SA-2008-03-18
DEBIAN DSA-1399
DEBIAN DSA-1570
GENTOO GLSA-200711-30
GENTOO GLSA-200801-02
GENTOO GLSA-200801-18
GENTOO GLSA-200801-19
GENTOO GLSA-200805-11
MANDRIVA MDKSA-2007:211
MANDRIVA MDKSA-2007:212
MANDRIVA MDKSA-2007:213
REDHAT RHSA-2007:0967
REDHAT RHSA-2007:0968
REDHAT RHSA-2007:1063
REDHAT RHSA-2007:1065
REDHAT RHSA-2008:0546
SUSE SUSE-SA:2007:062
SUSE SUSE-SR:2007:025
SUSE SUSE-SA:2008:004
UBUNTU USN-547-1
CERT TA07-352A
BID 26346
OVAL oval:org.mitre.oval:def:10562
VUPEN ADV-2007-3725
VUPEN ADV-2007-3790
VUPEN ADV-2007-4238
VUPEN ADV-2008-0924
VUPEN ADV-2008-1234
SECTRACK 1018895
SECUNIA 27598
SECUNIA 27538
SECUNIA 27543
SECUNIA 27547
SECUNIA 27554
SECUNIA 27741
SECUNIA 27773
SECUNIA 27697
SECUNIA 27862
SECUNIA 27776
SECUNIA 27965
SECUNIA 28136
SECUNIA 28406
SECUNIA 28414
SECUNIA 28658
SECUNIA 28714
SECUNIA 28720
SECUNIA 29420
SECUNIA 29785
SECUNIA 30155
SECUNIA 30219
SECUNIA 31124
SECUNIA 30106
XF pcre-character-class-dos(38273)