English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 72022 CVE descriptions
and 38680 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55505
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2005-92 (pcre)
Summary:Turbolinux TLSA-2005-92 (pcre)
Description:
The remote host is missing an update to pcre
announced via advisory TLSA-2005-92.

The PCRE library is a set of functions that implement regular expression
pattern matching using the same syntax and semantics as Perl 5, with just
a few differences. The current implementation corresponds to Perl 5.005,
with some additional features from later versions. This includes some
experimental, incomplete support for UTF-8 encoded strings.

The integer overflow vulnerabilities exist in pcre.

The pcre allows attackers to execute arbitrary code via quantifier values
in regular expressions, which leads to a heap-based buffer overflow.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-92

Risk factor : High
Cross-Ref: BugTraq ID: 15647
BugTraq ID: 14620
Common Vulnerability Exposure (CVE) ID: CVE-2005-2491
http://docs.info.apple.com/article.html?artnum=302847
Debian Security Information: DSA-800 (Google Search)
http://www.debian.org/security/2005/dsa-800
Debian Security Information: DSA-817 (Google Search)
http://www.debian.org/security/2005/dsa-817
Debian Security Information: DSA-819 (Google Search)
http://www.debian.org/security/2005/dsa-819
Debian Security Information: DSA-821 (Google Search)
http://www.debian.org/security/2005/dsa-821
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
HPdes Security Advisory: HPSBUX02074
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
HPdes Security Advisory: SSRT051251
HPdes Security Advisory: HPSBMA02159
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
HPdes Security Advisory: SSRT061238
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://marc.theaimsgroup.com/?l=bugtraq&m=112606064317223&w=2
http://www.redhat.com/support/errata/RHSA-2005-358.html
SCO Security Bulletin: SCOSA-2006.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
SuSE Security Announcement: SUSE-SA:2005:051 (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=112605112027335&w=2
SuSE Security Announcement: SUSE-SA:2005:048 (Google Search)
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
SuSE Security Announcement: SUSE-SA:2005:049 (Google Search)
http://www.novell.com/linux/security/advisories/2005_49_php.html
SuSE Security Announcement: SUSE-SA:2005:052 (Google Search)
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15647
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11516
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2006/4502
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1496
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1659
http://securitytracker.com/id?1014744
http://secunia.com/advisories/17813
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://secunia.com/advisories/19072
http://secunia.com/advisories/19193
http://secunia.com/advisories/17252
http://secunia.com/advisories/19532
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 38680 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.