RHSA-2009:1102
Vulnerability from csaf_redhat
Published
2009-06-15 21:10
Modified
2024-11-22 02:45
Summary
Red Hat Security Advisory: cscope security update
Notes
Topic
An updated cscope package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
cscope is a mature, ncurses-based, C source-code tree browsing tool.
Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)
All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cscope package that fixes multiple security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "cscope is a mature, ncurses-based, C source-code tree browsing tool.\n\nMultiple buffer overflow flaws were found in cscope. An attacker could\ncreate a specially crafted source code file that could cause cscope to\ncrash or, possibly, execute arbitrary code when browsed with cscope.\n(CVE-2004-2541, CVE-2009-0148)\n\nAll users of cscope are advised to upgrade to this updated package, which\ncontains backported patches to fix these issues. All running instances of\ncscope must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1102",
"url": "https://access.redhat.com/errata/RHSA-2009:1102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "490667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1102.json"
}
],
"title": "Red Hat Security Advisory: cscope security update",
"tracking": {
"current_release_date": "2024-11-22T02:45:10+00:00",
"generator": {
"date": "2024-11-22T02:45:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1102",
"initial_release_date": "2009-06-15T21:10:00+00:00",
"revision_history": [
{
"date": "2009-06-15T21:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-06-15T17:10:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:45:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"product": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"product_id": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope-debuginfo@15.5-15.1.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.x86_64",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.x86_64",
"product_id": "cscope-0:15.5-15.1.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"product": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"product_id": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope-debuginfo@15.5-15.1.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.i386",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.i386",
"product_id": "cscope-0:15.5-15.1.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.src",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.src",
"product_id": "cscope-0:15.5-15.1.el5_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"product": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"product_id": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope-debuginfo@15.5-15.1.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.ia64",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.ia64",
"product_id": "cscope-0:15.5-15.1.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"product": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"product_id": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope-debuginfo@15.5-15.1.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.ppc",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.ppc",
"product_id": "cscope-0:15.5-15.1.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"product": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"product_id": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope-debuginfo@15.5-15.1.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cscope-0:15.5-15.1.el5_3.1.s390x",
"product": {
"name": "cscope-0:15.5-15.1.el5_3.1.s390x",
"product_id": "cscope-0:15.5-15.1.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cscope@15.5-15.1.el5_3.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.i386"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.ia64"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.ppc"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.s390x"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.src"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-0:15.5-15.1.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-0:15.5-15.1.el5_3.1.x86_64"
},
"product_reference": "cscope-0:15.5-15.1.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
},
"product_reference": "cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2541",
"discovery_date": "2009-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490667"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cscope: multiple buffer overflows",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-2541"
},
{
"category": "external",
"summary": "RHBZ#490667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-2541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2541"
}
],
"release_date": "2009-04-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-06-15T21:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1102"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cscope: multiple buffer overflows"
},
{
"cve": "CVE-2009-0148",
"discovery_date": "2009-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490667"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cscope: multiple buffer overflows",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0148"
},
{
"category": "external",
"summary": "RHBZ#490667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0148"
}
],
"release_date": "2009-04-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-06-15T21:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1102"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.src",
"5Client-Workstation:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Client-Workstation:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-0:15.5-15.1.el5_3.1.src",
"5Server:cscope-0:15.5-15.1.el5_3.1.x86_64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.i386",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ia64",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.ppc",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.s390x",
"5Server:cscope-debuginfo-0:15.5-15.1.el5_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cscope: multiple buffer overflows"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.