ID CVE-2005-2491
Summary Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:pcre:pcre:5.0
  • cpe:2.3:a:pcre:pcre:6.0
  • cpe:2.3:a:pcre:pcre:6.1
CVSS
Base: 7.5 (as of 23-08-2005 - 10:18)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-009.NASL
    description The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 20249
    published 2005-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20249
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-009)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-800.NASL
    description An integer overflow with subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code. Since several packages link dynamically to this library you are advised to restart the corresponding services or programs respectively. The command 'apt-cache showpkg libpcre3' will list the corresponding packages in the 'Reverse Depends:' section.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19570
    published 2005-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19570
    title Debian DSA-800-1 : pcre3 - integer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities) mod_ssl contains a security issue when 'SSLVerifyClient optional' is configured in the global virtual host configuration (CAN-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CAN-2005-2491). Impact : Under a specific configuration, mod_ssl does not properly enforce the client-based certificate authentication directive, 'SSLVerifyClient require', in a per-location context, which could be potentially used by a remote attacker to bypass some restrictions. By creating a specially crafted '.htaccess' file, a local attacker could possibly exploit Apache's vulnerability, which would result in a local privilege escalation. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 19811
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19811
    title GLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B971D2A6167011DA978E0001020EED82.NASL
    description The pcre library is vulnerable to a buffer overflow vulnerability due to insufficient validation of quantifier values. This could lead to execution of arbitrary code with the permissions of the program using pcre by way of a specially crafted regular expression.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21502
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21502
    title FreeBSD : pcre -- regular expression buffer overflow (b971d2a6-1670-11da-978e-0001020eed82)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0197.NASL
    description Updated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. Users of Python should upgrade to these updated packages, which contain a backported patch that is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21890
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21890
    title CentOS 3 / 4 : python (CESA-2006:0197)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-242-02.NASL
    description New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval() function. The eval() function is believed to be insecure as implemented, and would be difficult to secure. Note that these new packages now require that the PCRE package be installed, so be sure to get the new package from the patches/packages/ directory if you don't already have it. A new version of this (6.3) was also issued today, so be sure that is the one you install.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 19859
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19859
    title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-242-02)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-154.NASL
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19910
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19910
    title Mandrake Linux Security Advisory : python (MDKSA-2005:154)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-358.NASL
    description Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such a way that they could gain the privileges of the 'exim' user. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. These erratum packages change Exim to use the system PCRE library instead of the internal one. These packages also fix a minor flaw where the Exim Monitor was incorrectly computing free space on very large file systems. Users should upgrade to these erratum packages and also ensure they have updated the system PCRE library, for which erratum packages are available separately in RHSA-2005:761.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21927
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21927
    title CentOS 4 : exim (CESA-2005:358)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-173-4.NASL
    description USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well. In gnumeric this bug could be exploited to execute arbitrary code with the privileges of the user if the user was tricked into opening a specially crafted spreadsheet document. In python, the impact depends on the particular application that uses python's 're' (regular expression) module. In python server applications that process unchecked arbitrary regular expressions with the 're' module, this could potentially be exploited to remotely execute arbitrary code with the privileges of the server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20583
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20583
    title Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-242-01.NASL
    description New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary code as the user running the application. The PCRE library is also provided in an initial installation by the aaa_elflibs package, so if your system has a /usr/lib/libpcre.so.0 symlink, then you should install this updated package even if the PCRE package itself is not installed on the system.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 19858
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19858
    title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PCRE library (SSA:2005-242-01)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34123.NASL
    description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 21107
    published 2006-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21107
    title HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-251-04.NASL
    description A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval() function. The eval() function is believed to be insecure as implemented, and would be difficult to secure. Note that this new package now requires that the PCRE package be installed, so be sure to get the new package from the patches/packages/ directory if you don't already have it.
    last seen 2019-02-21
    modified 2013-04-12
    plugin id 19863
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19863
    title Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34163.NASL
    description s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 21108
    published 2006-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21108
    title HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200508-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-200508-17 (libpcre: Heap integer overflow) libpcre fails to check certain quantifier values in regular expressions for sane values. Impact : An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 19537
    published 2005-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19537
    title GLSA-200508-17 : libpcre: Heap integer overflow
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-821.NASL
    description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19790
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19790
    title Debian DSA-821-1 : python2.3 - integer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0197.NASL
    description Updated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. Users of Python should upgrade to these updated packages, which contain a backported patch that is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21042
    published 2006-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21042
    title RHEL 2.1 / 3 / 4 : python (RHSA-2006:0197)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-358.NASL
    description Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such a way that they could gain the privileges of the 'exim' user. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. These erratum packages change Exim to use the system PCRE library instead of the internal one. These packages also fix a minor flaw where the Exim Monitor was incorrectly computing free space on very large file systems. Users should upgrade to these erratum packages and also ensure they have updated the system PCRE library, for which erratum packages are available separately in RHSA-2005:761.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19672
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19672
    title RHEL 4 : exim (RHSA-2005:358)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-155.NASL
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. 10.1 and 10.2/LE2005 are already built against the system pcre.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19911
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19911
    title Mandrake Linux Security Advisory : apache2 (MDKSA-2005:155)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-153.NASL
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy of pcre code. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19909
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19909
    title Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-819.NASL
    description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19788
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19788
    title Debian DSA-819-1 : python2.1 - integer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12013.NASL
    description Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41173
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41173
    title SuSE9 Security Update : Python (YOU Patch Number 12013)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-817.NASL
    description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19786
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19786
    title Debian DSA-817-1 : python2.2 - integer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-761.NASL
    description Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain 'apache' privileges. For applications supplied with Red Hat Enterprise Linux, a maximum security impact of moderate has been assigned. Users should update to these erratum packages that contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19675
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19675
    title RHEL 2.1 / 3 / 4 : pcre (RHSA-2005:761)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-152.NASL
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19908
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19908
    title Mandrake Linux Security Advisory : php (MDKSA-2005:152)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-151.NASL
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19907
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19907
    title Mandrake Linux Security Advisory : pcre (MDKSA-2005:151)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries) PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact : An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19818
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19818
    title GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-213.NASL
    description A number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead to the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using 'service httpd restart' in order for the new packages to take effect ('service httpd2-naat restart' for MNF2).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20445
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20445
    title Mandrake Linux Security Advisory : php (MDKSA-2005:213)
  • NASL family CGI abuses
    NASL id PHP_4_4_1.NASL
    description According to its banner, the version of PHP installed on the remote host is older than 4.4.1 or 5.0.6. Such versions fail to protect the '$GLOBALS' superglobals variable from being overwritten due to weaknesses in the file upload handling code as well as the 'extract()' and 'import_request_variables()' functions. Depending on the nature of the PHP applications on the affected host, exploitation of this issue may lead to any number of attacks, including arbitrary code execution. In addition, these versions may enable an attacker to exploit an integer overflow flaw in certain versions of the PCRE library, to enable PHP's 'register_globals' setting even if explicitly disabled in the configuration, and to launch cross-site scripting attacks involving PHP's 'phpinfo()' function.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 20111
    published 2005-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20111
    title PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-173-1.NASL
    description A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20580
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20580
    title Ubuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-173-2.NASL
    description USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was determined that this did not suffice to prevent all possible overflows, so another update is necessary. In addition, it was found that the Ubuntu 4.10 version of Apache 2 contains a static copy of the library code, so this package needs to be updated as well. In Ubuntu 5.04, Apache 2 uses the external library from the libpcre3 package. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20581
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20581
    title Ubuntu 4.10 / 5.04 : pcre3, apache2 vulnerabilities (USN-173-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-761.NASL
    description Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain 'apache' privileges. For applications supplied with Red Hat Enterprise Linux, a maximum security impact of moderate has been assigned. Users should update to these erratum packages that contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21854
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21854
    title CentOS 3 / 4 : pcre (CESA-2005:761)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-02 (Gnumeric: Heap overflow in the included PCRE library) Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Impact : An attacker could potentially exploit this vulnerability by tricking a user into opening a specially crafted spreadsheet, which could lead to the execution of arbitrary code with the privileges of the user running Gnumeric. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19577
    published 2005-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19577
    title GLSA-200509-02 : Gnumeric: Heap overflow in the included PCRE library
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-08 (Python: Heap overflow in the included PCRE library) The 're' Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Impact : An attacker could target a Python-based web application (or SUID application) that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code (or privilege escalation). Workaround : Python users that don't run any Python web application or SUID application (or that run one that wouldn't use untrusted inputs as regular expressions) are not affected by this issue.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19687
    published 2005-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19687
    title GLSA-200509-08 : Python: Heap overflow in the included PCRE library
  • NASL family Web Servers
    NASL id APACHE_2_0_55.NASL
    description The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore, affected by multiple vulnerabilities : - A security issue exists where 'SSLVerifyClient' is not enforced in per-location context if 'SSLVerifyClient optional' is configured in the vhost configuration. (CVE-2005-2700) - A denial of service vulnerability exists when processing a large byte range request, as well as a flaw in the 'worker.c' module which could allow an attacker to force this service to consume excessive amounts of memory. (CVE-2005-2970) - When Apache is acting as a proxy, it is possible for a remote attacker to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header. (CVE-2005-2088) - Multiple integer overflows exist in PCRE in quantifier parsing which could be triggered by a local user through use of a specially crafted regex in an .htaccess file. (CVE-2005-2491) - An issue exists where the byte range filter buffers responses into memory. (CVE-2005-2728) - An off-by-one overflow exists in mod_ssl while printing CRL information at 'LogLevel debug' which could be triggered if configured to use a 'malicious CRL'. (CVE-2005-1268)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 31656
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31656
    title Apache < 2.0.55 Multiple Vulnerabilities
oval via4
  • accepted 2013-04-29T04:14:32.292-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:11516
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    version 25
  • accepted 2007-10-02T08:08:09.337-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:1496
    status accepted
    submitted 2006-03-18T07:24:00.000-04:00
    title Webproxy Integer Overflow in pcre_compile
    version 32
  • accepted 2007-10-02T08:08:10.207-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:1659
    status accepted
    submitted 2006-03-18T07:24:00.000-04:00
    title VirusVault Integer Overflow in pcre_compile
    version 32
  • accepted 2006-01-25T07:30:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:735
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title Apache Integer Overflow in pcre_compile.c
    version 31
redhat via4
advisories
  • bugzilla
    id 166335
    title CVE-2005-2491 PCRE heap overflow
    oval
    OR
    • AND
      comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • AND
      comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0197
    released 2006-03-09
    severity Moderate
    title RHSA-2006:0197: python security update (Moderate)
  • rhsa
    id RHSA-2005:358
  • rhsa
    id RHSA-2005:761
refmap via4
apple APPLE-SA-2005-11-29
bid
  • 14620
  • 15647
confirm
debian
  • DSA-800
  • DSA-817
  • DSA-819
  • DSA-821
fedora FLSA:168516
gentoo
  • GLSA-200508-17
  • GLSA-200509-02
  • GLSA-200509-08
  • GLSA-200509-12
  • GLSA-200509-19
hp
  • HPSBMA02159
  • HPSBOV02683
  • HPSBUX02074
  • SSRT051251
  • SSRT061238
  • SSRT090208
openpkg OpenPKG-SA-2005.018
sco SCOSA-2006.10
sectrack 1014744
secunia
  • 16502
  • 16679
  • 17252
  • 17813
  • 19072
  • 19193
  • 19532
  • 21522
  • 22691
  • 22875
sgi 20060401-01-U
sreason 604
sunalert 102198
suse
  • SUSE-SA:2005:048
  • SUSE-SA:2005:049
  • SUSE-SA:2005:051
  • SUSE-SA:2005:052
trustix TSLSA-2005-0059
vupen
  • ADV-2005-1511
  • ADV-2005-2659
  • ADV-2006-0789
  • ADV-2006-4320
  • ADV-2006-4502
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 15-12-2016 - 21:59
Published 23-08-2005 - 00:00
Last modified 19-10-2018 - 11:33