Executive Summary
Summary | |
---|---|
Title | cscope security update |
Information | |||
---|---|---|---|
Name | RHSA-2009:1101 | First vendor Publication | 2009-06-15 |
Vendor | RedHat | Last vendor Modification | 2009-06-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

203645 - CVE-2006-4262 cscope: multiple buffer overflows
490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows
499174 - CVE-2009-1577 cscope: putstring buffer overflow
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1101.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10069 | |||
Oval ID: | oval:org.mitre.oval:def:10069 | ||
Title: | Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | ||
Description: | Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-2541 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13645 | |||
Oval ID: | oval:org.mitre.oval:def:13645 | ||
Title: | DSA-1806-1 cscope -- buffer overflows | ||
Description: | Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files. For the stable distribution, this problem has been fixed in version 15.6-6+lenny1. Due to a technical limitation in the Debian archive management scripts the update for the old stable distribution cannot be released synchronously. It will be fixed in version 15.6-2+etch1 soon. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cscope package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1806-1 CVE-2009-0148 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | cscope |
Definition Id: oval:org.mitre.oval:def:22213 | |||
Oval ID: | oval:org.mitre.oval:def:22213 | ||
Title: | ELSA-2009:1102: cscope security update (Moderate) | ||
Description: | Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1102-01 CVE-2004-2541 CVE-2009-0148 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cscope |
Definition Id: oval:org.mitre.oval:def:29254 | |||
Oval ID: | oval:org.mitre.oval:def:29254 | ||
Title: | RHSA-2009:1102 -- cscope security update (Moderate) | ||
Description: | An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2009-0148) All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1102 CESA-2009:1102-CentOS 5 CVE-2004-2541 CVE-2009-0148 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cscope |
Definition Id: oval:org.mitre.oval:def:8245 | |||
Oval ID: | oval:org.mitre.oval:def:8245 | ||
Title: | DSA-1806 cscope -- buffer overflows | ||
Description: | Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1806 CVE-2009-0148 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | cscope |
Definition Id: oval:org.mitre.oval:def:9633 | |||
Oval ID: | oval:org.mitre.oval:def:9633 | ||
Title: | Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | ||
Description: | Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0148 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9661 | |||
Oval ID: | oval:org.mitre.oval:def:9661 | ||
Title: | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | ||
Description: | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4262 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9837 | |||
Oval ID: | oval:org.mitre.oval:def:9837 | ||
Title: | Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file. | ||
Description: | Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1577 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for cscope CESA-2009:1102 centos5 i386 File : nvt/gb_CESA-2009_1102_cscope_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cscope CESA-2009:1101 centos3 i386 File : nvt/gb_CESA-2009_1101_cscope_centos3_i386.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1102 (cscope) File : nvt/ovcesa2009_1102.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1101 File : nvt/RHSA_2009_1101.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1101 (cscope) File : nvt/ovcesa2009_1101.nasl |
2009-06-23 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope3.nasl |
2009-06-23 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope2.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1102 File : nvt/RHSA_2009_1102.nasl |
2009-05-25 | Name : Gentoo Security Advisory GLSA 200905-02 (cscope) File : nvt/glsa_200905_02.nasl |
2009-05-25 | Name : Debian Security Advisory DSA 1806-1 (cscope) File : nvt/deb_1806_1.nasl |
2009-05-18 | Name : Cscope Multiple Buffer Overflow vulnerability File : nvt/gb_cscope_mult_bof_vuln.nasl |
2009-05-18 | Name : Cscope putstring Multiple Buffer Overflow vulnerability File : nvt/gb_cscope_putstring_mult_bof_vuln.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200606-10 (Cscope) File : nvt/glsa_200606_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-08 (cscope) File : nvt/glsa_200610_08.nasl |
2008-09-04 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope1.nasl |
2008-09-04 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1186-1 (cscope) File : nvt/deb_1186_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1064-1 (cscope) File : nvt/deb_1064_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56399 | Cscope find.c putstring Function Source Code File Handling Multiple Overflows |
56274 | Cscope Path Name Input Remote Overflow |
56273 | Cscope source-code Token Remote Overflow |
28136 | Cscope Command Line reffile Argument Overflow Cscope contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error occurs within the parsing of command line arguments. It is possible that the flaw may allow the attacker to cause stack-based buffer overflow by supplying a very long 'reffile' argument resulting in a loss of integrity. |
28135 | Cscope cscope.lists Handling Multiple Overflows Cscope contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error occurs within the parsing of file lists or the expansion of environment variables. It is possible that the flaw may allow the attacker to cause stack-based buffer overflow by using specially crafted 'cscope.lists' files or directories resulting in a loss of integrity. |
11920 | Cscope #include filename Overflow A local overflow exists in Cscope. Cscope fails to check the length of passed values resulting in an environment variable overflow. With a specially crafted #include filename, an attacker can cause the $PATHNAME to overflow resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1102.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090615_cscope_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1102.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_91a2066b5ab611debc9b0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c14aa48c5ab711debc9b0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1101.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1102.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1806.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-02.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-08.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1186.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1064.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_74ff10f6520f11db8f1a000a48049292.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200606-10.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_72d8df84ea6d11da8a5300123ffe8333.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:52:35 |