FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4262

This CVE name corresponds to:

Entered Topic
2006-10-02 cscope -- Buffer Overflow Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-4262
Phase Assigned(20060821)

Description

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

References

Source Reference
CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500
CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645
CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500
DEBIAN DSA-1186
GENTOO GLSA-200610-08
REDHAT RHSA-2009:1101
BID 19686
BID 19687
OVAL oval:org.mitre.oval:def:9661
VUPEN ADV-2006-3374
OSVDB 28135
OSVDB 28136
SECUNIA 21601
SECUNIA 22239
SECUNIA 22515
XF cscope-reffile-bo(28546)
XF cscope-cscopelists-bo(28545)