CVE-2009-0148
This CVE name corresponds to:
The following information is adapted from the
Common Vulnerabilities and
Exposures (CVE) project. CVE and the CVE logo are trademarks
of The MITRE Corporation. CVE content is Copyright 2005, The
MITRE Corporation.
Details
Description
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.
References
Source |
Reference |
MLIST |
[cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5 |
MLIST |
[oss-security] 20090506 Re: Old cscope buffer overflow |
CONFIRM |
http://sourceforge.net/forum/forum.php?forum_id=947983 |
CONFIRM |
http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527 |
CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=490667 |
CONFIRM |
http://support.apple.com/kb/HT3549 |
APPLE |
APPLE-SA-2009-05-12 |
DEBIAN |
DSA-1806 |
GENTOO |
GLSA-200905-02 |
REDHAT |
RHSA-2009:1101 |
REDHAT |
RHSA-2009:1102 |
CERT |
TA09-133A |
BID |
34805 |
OVAL |
oval:org.mitre.oval:def:9633 |
SECTRACK |
1022218 |
SECUNIA |
34978 |
SECUNIA |
35074 |
SECUNIA |
35213 |
SECUNIA |
35214 |
SECUNIA |
35462 |
VUPEN |
ADV-2009-1238 |
VUPEN |
ADV-2009-1297 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.