Perl Unicode规则表达式缓冲区溢出漏洞

Perl是一款功能强大的编程语言。 Perl的规则表达式引擎存在一个缺陷，远程攻击者可以利用漏洞以Perl进程权限执行任意指令。 在处理Unicode规则表达式时存在一个缓冲区溢出，攻击者构建特殊的输入到规则表达式，可导致Perl不正确分配内存，导致以运行Perl进程的用户进程权限执行任意指令。 RedHat Enterprise Linux Desktop v.5 client RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux v. 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Application Stack v1 for Enterprise Linux ES 4 RedHat Application Stack v1 for Enterprise Linux AS 4 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Larry Wall Perl 5.8.7 Larry Wall Perl 5.8.6 + Gentoo Linux Larry Wall Perl 5.8.5 + Turbolinux Turbolinux Server 10.0 Larry Wall Perl 5.8.4 -5 Larry Wall Perl 5.8.4 -4 Larry Wall Perl 5.8.4 -3 Larry Wall Perl 5.8.4 -2.3 Larry Wall Perl 5.8.4 -2 Larry Wall Perl 5.8.4 -1 Larry Wall Perl 5.8.4 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 Larry Wall Perl 5.8.3 + Gentoo Linux + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Larry Wall Perl 5.8.1 Larry Wall Perl 5.8 .0-88.3 Larry Wall Perl 5.8 + Turbolinux Home + Turbolinux Turbolinux Desktop 10.0 可参考如下安全公告获得补丁信息： <a href="https://rhn.redhat.com/errata/RHSA-2007-0966.html" target="_blank">https://rhn.redhat.com/errata/RHSA-2007-0966.html</a> <a href="http://rhn.redhat.com/errata/RHSA-2007-1011.html" target="_blank">http://rhn.redhat.com/errata/RHSA-2007-1011.html</a>