Published: 2006-03-29 18:02:00
Revised: 2011-03-07 21:30:04

[Original text] flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.


        *YY_G(yy_state_ptr)++ = yy_current_state;

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [no authentication is required to exploit]

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(PATCH)  XF  flex-bypass-security(24995)
(PATCH)  BID  16896
(PATCH)  OSVDB  23440
(UNKNOWN)  VUPEN  ADV-2006-0770
(UNKNOWN)  MLIST  [flex-announce] 20060222 flex 2.5.33 released

- Vulnerability information

Severity: High; Type: Buffer overflow
Published: 2006-03-29 00:00:00; Updated: 2006-03-30 00:00:00

- Advisories and patches


- Vulnerability information

Fast Lexical Analyzer Generator (Flex) Multiple Lexicographical Scanners Overflow
Location Unknown Input Manipulation, Attack Type Unknown
Loss of Integrity, Impact Unknown
Exploit Unknown

- Vulnerability description

Fast Lexical Analyzer Generator (Flex) contains a flaw that may allow arbitrary code execution. The issue is due to a buffer overflow in a particular class of lexicographical scanners generated by flex. It is unclear if there are additional vulnerabilities.

- Timeline

2006-02-22 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.5.33 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Credit

Unknown or Incomplete

- Vulnerability information

Flex Code Generation Buffer Overflow Vulnerability
Class: Boundary Condition Error; BID: 16896
Remote: Yes; Local: No
Published: 2006-03-01 12:00:00; Updated: 2007-01-02 05:52:00
Chris Moore discovered this issue.

- Affected program versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
GNU Flex 2.5.32
GNU Flex 2.5.31
GNU Flex 2.5.30
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
GNU Flex 2.5.33

- Unaffected program versions

GNU Flex 2.5.33

- Vulnerability discussion

Flex is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in finite-sized memory buffers.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. This may facilitate a compromise of the underlying computer.

Flex versions 2.5.31 and prior are vulnerable.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

The vendor has released version 2.5.33 to address this issue.

Please see the referenced vendor advisories for further information.
