GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Fri Oct 20, 2006 10:26 am Post subject: [ GLSA 200610-08 ] Cscope: Multiple buffer overflows |
|
|
Gentoo Linux Security Advisory
Title: Cscope: Multiple buffer overflows (GLSA 200610-08)
Severity: normal
Exploitable: remote
Date: October 20, 2006
Bug(s): #144869
ID: 200610-08
Synopsis
Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.
Background
Cscope is a developer's tool for browsing source code.
Affected Packages
Package: dev-util/cscope
Vulnerable: < 15.5.20060927
Unaffected: >= 15.5.20060927
Architectures: All supported architectures
Description
Unchecked use of strcpy() and *scanf() leads to several buffer overflows.
Impact
A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope.
Workaround
There is no known workaround at this time.
Resolution
All Cscope users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927" |
References
CVE-2006-4262 |
|