Perl regcomp.c Heap Overflow Arbitrary Code Execution

Authors:anonymous            Risk:High

CVE:CVE-2018-6797           0day:Arbitrary Code Execution 

0day -id:0DAY-6797           Date:2018-04-24

Description

A vulnerability in Perl could allow a local attacker to execute arbitrary code on a targeted system.

The vulnerability is in the S_regatom() function defined in the source code file regcomp.c, and is due to improper memory operations that are performed by the affected software when handling regular expressions. An attacker could exploit the vulnerability by accessing the system and executing Perl with a regular expression that submits malicious input to the Perl interpreter. A successful exploit could cause a heap buffer overflow with attacker control over the bytes written, which could allow arbitrary code execution.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

Perl.org has confirmed the vulnerability and released software updates.

Analysis

To exploit this vulnerability, the attacker must have user-level access to the targeted system. This access requirement could reduce the likelihood of a successful exploit.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor critical systems.

Vendor Announcements

Perl.org has published a bug at the following link: Bug 132227 for perl5

Red Hat has released an official CVE statement and a security advisory for bug 1547783 at the following links: CVE-2018-6797 and RHSA-2018:1192

Fixed Software

Perl.org has released source code and software updates at the following links:
abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
Perl 5.26.2-RC1
Perl 5.24.4-RC1

Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later by using the yum tool.

Revision History

Version Description Section Date
2 Red Hat has released a security advisory and updated packages to address the Perl regcomp.c regular expression heap overflow arbitrary code execution vulnerability. Vendor Announcements, Fixed Software, Affected Products 2018-April-23
1 Initial public release. 2018-April-17

Affected Products

The security vulnerability applies to the following combinations of products. 

Primary Products
O Reilly And Associates, Inc. Perl 5.4 (Base) | 5.5 (Base) | 5.6.0 (Base) | 5.6.1 (Base) | 5.6.2 (Base) | 5.7.0 (Base) | 5.7.1 (Base) | 5.7.2 (Base) | 5.7.3 (Base) | 5.16 (.0, .1, .2, .3) | 5.17 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11) | 5.18 (.0, .1, .2, .3, .4) | 5.19 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11) | 5.20 (.0, .1, .2, .3) | 5.21 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11) | 5.22 (.0, .1, .2, .3, .4) | 5.23 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9) | 5.24 (.0, .1, .2, .3) | 5.25 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11, .12) | 5.26 (.0, .1) | 5.27 (.0, .1, .2, .3, .4)
Associated Products
Red Hat, Inc. Red Hat Software Collections 1 for RHEL 6 (x86_64) | 1 for RHEL 7 (x86_64) | 1 for RHEL 6.7 (x86_64) | 1 for RHEL Workstation 7 (x86_64) | 1 for RHEL Workstation 6 (x86_64) | 1 for RHEL 7.3 (x86_64) | 1 for RHEL 7.4 (x86_64)

 

 

 

Leave a Reply