FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5116

This CVE name corresponds to:

Entered Topic
2007-11-06 perl -- regular expressions unicode data buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-5116 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-5116
Phase Assigned(20070927)

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

References

Source Reference
BUGTRAQ 20071110 FLEA-2007-0063-1 perl
BUGTRAQ 20071112 FLEA-2007-0069-1 perl
BUGTRAQ 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
BUGTRAQ 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
MLIST [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
MISC https://bugzilla.redhat.com/show_bug.cgi?id=323571
MISC https://bugzilla.redhat.com/show_bug.cgi?id=378131
CONFIRM https://issues.rpath.com/browse/RPL-1813
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
CONFIRM ftp://aix.software.ibm.com/aix/efixes/security/README
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0001.html
CONFIRM http://www.ipcop.org/index.php?name=News&file=article&sid=41
AIXAPAR IZ10220
AIXAPAR IZ10244
APPLE APPLE-SA-2007-12-17
DEBIAN DSA-1400
GENTOO GLSA-200711-28
HP HPSBTU02311
HP SSRT080001
MANDRIVA MDKSA-2007:207
OPENPKG OpenPKG-SA-2007.023
REDHAT RHSA-2007:0966
REDHAT RHSA-2007:1011
SUNALERT 31524
SUNALERT 231524
SUNALERT 1018985
SUSE SUSE-SR:2007:024
UBUNTU USN-552-1
CERT TA07-352A
BID 26350
OVAL oval:org.mitre.oval:def:10669
VUPEN ADV-2007-3724
VUPEN ADV-2007-4238
VUPEN ADV-2007-4255
VUPEN ADV-2008-0064
VUPEN ADV-2008-0641
SECTRACK 1018899
SECUNIA 27531
SECUNIA 27546
SECUNIA 27479
SECUNIA 27515
SECUNIA 27548
SECUNIA 27613
SECUNIA 27570
SECUNIA 27936
SECUNIA 28167
SECUNIA 28368
SECUNIA 28387
SECUNIA 27756
SECUNIA 28993
SECUNIA 29074
SECUNIA 31208
XF perl-unicode-bo(38270)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.