Info

Disclosure

Nov 11, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in Cscope. Cscope fails to check the length of passed values resulting in an environment variable overflow. With a specially crafted #include filename, an attacker can cause the $PATHNAME to overflow resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Sourceforge.net

Cscope

15.5

References

Secunia Advisory ID: 13237 20191 20564 26235 35462
Bugtraq ID: 18050
CVE ID: 2004-2541 (see also: NVD)
Vendor URL: http://cscope.sourceforge.net/
Other Advisory URL: http://docs.info.apple.com/article.html?artnum=306172
http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml
Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1064875&group_id=4664&atid=104664
Vendor Specific Advisory URL: http://www.us.debian.org/security/2006/dsa-1064
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-1102.html

Credit

Jason Duell - jcduellusers.sourceforge.net -

Direct URL: http://osvdb.org/11920