Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0148
Last Modified 21 Aug 2010 12:00:00
Published 05 May 2009 01:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0148

Summary

Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.

Vulnerable Systems

Application

  • Cscope 13.0

  • Cscope 15.0bl2

  • Cscope 15.1

  • Cscope 15.3

  • Cscope 15.4

  • Cscope 15.5

  • Cscope 15.6

  • Cscope 15.7


References

CERT - TA09-133A

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=947983

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=490667

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-1238

SECTRACK - 1022218

BID - 34805

REDHAT - RHSA-2009:1102

REDHAT - RHSA-2009:1101

MLIST - [oss-security] 20090506 Re: Old cscope buffer overflow

DEBIAN - DSA-1806

CONFIRM - http://support.apple.com/kb/HT3549

MLIST - [cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5

GENTOO - GLSA-200905-02

SECUNIA - 35462

SECUNIA - 35214

SECUNIA - 35213

SECUNIA - 35074

SECUNIA - 34978

APPLE - APPLE-SA-2009-05-12

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Red Hat 2009:1102-01 RHSA Moderate: cscope security update for RHEL 5 x86


Last Updated: 27 May 2016 10:50:08