FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cscope -- Buffer Overflow Vulnerabilities

Affected packages
cscope < 15.6

Details

VuXML ID 74ff10f6-520f-11db-8f1a-000a48049292
Discovery 2006-08-20
Entry 2006-10-02
Modified 2006-10-11

Secunia reports:

Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system.

Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories.

A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument.

Successful exploitation may allow execution of arbitrary code.

References

Bugtraq ID 19686
Bugtraq ID 19687
CVE Name CVE-2006-4262
URL http://secunia.com/advisories/21601
URL http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500
URL http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500