FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1577

This CVE name corresponds to:

Entered Topic
2009-06-16 cscope -- buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1577
Phase Assigned (20090506)

Description

Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.

References

Source Reference
MLIST [oss-security] 20090505 Old cscope buffer overflow
MLIST [oss-security] 20090506 Re: Old cscope buffer overflow
MLIST [oss-security] 20090506 Re: Old cscope buffer overflow
CONFIRM http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19
CONFIRM http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
CONFIRM http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=189666
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=499174
GENTOO GLSA-200905-02
REDHAT RHSA-2009:1101
OVAL oval:org.mitre.oval:def:9837
SECUNIA 35213
XF cscope-findc-bo(50366)