oss-sec mailing list archives
Re: Old cscope buffer overflow
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 6 May 2009 11:49:14 -0400 (EDT)
On Tue, 5 May 2009, Tomas Hoger wrote:
If you're preparing cscope updates for CVE-2009-0148 and you may still be shipping packages based on 15.5, you may want to have a look at: https://bugzilla.redhat.com/show_bug.cgi?id=499174 Steve, as the first public report for this is from 2006: https://bugzilla.redhat.com/show_bug.cgi?id=189666 I believe 2006 CVE id is needed here.
We recently updated CVE-2009-0148 for overflows in cscope before 15.7a. Is this the same issue, or do we need a different one? This seems to be distinct from CVE-2006-4262 as well... ====================================================== Name: CVE-2006-4262 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4262 Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500 Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645 Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500 Reference: DEBIAN:DSA-1186 Reference: URL:http://www.debian.org/security/2006/dsa-1186 Reference: GENTOO:GLSA-200610-08 Reference: URL:http://security.gentoo.org/glsa/glsa-200610-08.xml Reference: BID:19686 Reference: URL:http://www.securityfocus.com/bid/19686 Reference: BID:19687 Reference: URL:http://www.securityfocus.com/bid/19687 Reference: VUPEN:ADV-2006-3374 Reference: URL:http://www.frsirt.com/english/advisories/2006/3374 Reference: OSVDB:28135 Reference: URL:http://www.osvdb.org/28135 Reference: OSVDB:28136 Reference: URL:http://www.osvdb.org/28136 Reference: SECUNIA:21601 Reference: URL:http://secunia.com/advisories/21601 Reference: SECUNIA:22239 Reference: URL:http://secunia.com/advisories/22239 Reference: SECUNIA:22515 Reference: URL:http://secunia.com/advisories/22515 Reference: XF:cscope-reffile-bo(28546) Reference: URL:http://xforce.iss.net/xforce/xfdb/28546 Reference: XF:cscope-cscopelists-bo(28545) Reference: URL:http://xforce.iss.net/xforce/xfdb/28545 Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. ====================================================== Name: CVE-2009-0148 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148 Reference: MLIST:[cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5 Reference: URL:http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=947983 Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=490667 Reference: SECUNIA:34978 Reference: URL:http://secunia.com/advisories/34978 Reference: VUPEN:ADV-2009-1238 Reference: URL:http://www.vupen.com/english/advisories/2009/1238 Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via (1) long pathnames, (2) long source-code strings, and other vectors.
Current thread:
- Old cscope buffer overflow Tomas Hoger (May 05)
- Re: Old cscope buffer overflow Steven M. Christey (May 06)
- Re: Old cscope buffer overflow Tomas Hoger (May 06)
- Re: Old cscope buffer overflow Steven M. Christey (May 06)
- Re: Old cscope buffer overflow Tomas Hoger (May 06)
- Re: Old cscope buffer overflow Steven M. Christey (May 06)