Executive Summary
| Summary | |
|---|---|
| Title | New cscope packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1186 | First vendor Publication | 2006-09-30 |
| Vendor | Debian | Last vendor Modification | 2006-09-30 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code. For the stable distribution (sarge) this problem has been fixed in version cscope_15.5-1.1sarge2. For the unstable distribution (sid) this problem has been fixed in version 15.5+cvs20060902-1. We recommend that you upgrade your cscope package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1186 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9661 | |||
| Oval ID: | oval:org.mitre.oval:def:9661 | ||
| Title: | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | ||
| Description: | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-4262 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for cscope CESA-2009:1101 centos3 i386 File : nvt/gb_CESA-2009_1101_cscope_centos3_i386.nasl |
| 2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1101 File : nvt/RHSA_2009_1101.nasl |
| 2009-06-23 | Name : CentOS Security Advisory CESA-2009:1101 (cscope) File : nvt/ovcesa2009_1101.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-08 (cscope) File : nvt/glsa_200610_08.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1186-1 (cscope) File : nvt/deb_1186_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 28136 | Cscope Command Line reffile Argument Overflow Cscope contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error occurs within the parsing of command line arguments. It is possible that the flaw may allow the attacker to cause stack-based buffer overflow by supplying a very long 'reffile' argument resulting in a loss of integrity. |
| 28135 | Cscope cscope.lists Handling Multiple Overflows Cscope contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error occurs within the parsing of file lists or the expansion of environment variables. It is possible that the flaw may allow the attacker to cause stack-based buffer overflow by using specially crafted 'cscope.lists' files or directories resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090615_cscope_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2009-06-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
| 2006-10-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-08.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1186.nasl - Type : ACT_GATHER_INFO |
| 2006-10-10 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_74ff10f6520f11db8f1a000a48049292.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:26:14 |
|
