PCRE Multiple Vulnerabilities

Secunia ID	SA27543
CVE-ID	CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
Release Date	06 Nov 2007
Criticality	Moderately Critical Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction. This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
Solution Status	Vendor Patch
Software	PCRE 6.x PCRE 7.x
Where	From remote "From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network. This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive information Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Description	Some vulnerabilities have been reported in PCRE, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library. 1) An error exists in the processing of "\Q\E" sequences with orphan "\E" codes. This can be exploited to desynchronize the compiled regular expression and execute corrupted bytecode. 2) An error in the processing of multiple unspecified character classes can be exploited to trigger an insufficient memory allocation. 3) An error exists in the processing of multiple "\X?\d" and "\P{L}?\d" patterns in non-UTF-8 mode. This can be exploited to crash an affected process or to disclose restricted memory. 4) An error exists in multiple unspecified routines when searching for unmatched brackets or parentheses. This can be exploited to crash an affected application via a specially crafted string. 5) Some integer overflow errors when processing escape sequences can be exploited to crash an affected application or potentially cause heap-based buffer overflows. 6) Some errors exist in the processing of "\P" and "\P{x}" sequences. This can be exploited to cause heap-based buffer overflows or trigger the execution of infinite loops. 7) An error in the optimization of character classes containing a lone unicode sequence can be exploited to cause a heap-based buffer overflow. The vulnerabilities are reported in versions prior to 7.3.
Solution	Update to version 7.3 or later.
Reported by	Debian credits Tavis Ormandy, Google Security Team
Original Advisory	http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00177.html