Info

Disclosure

Aug 24, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cscope contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error occurs within the parsing of file lists or the expansion of environment variables. It is possible that the flaw may allow the attacker to cause stack-based buffer overflow by using specially crafted 'cscope.lists' files or directories resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

N/A	Cscope	15.5
		15.3
		15.1

References

CVE ID: 2006-4262 (see also: NVD)
Secunia Advisory ID: 21601 22239 22515
Related OSVDB ID: 28136
Vendor URL: http://cscope.sourceforge.net/
Vendor Specific Solution URL: http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500
http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200610-08.xml
http://www.us.debian.org/security/2006/dsa-1186

Credit

Will Drewry - wadgoogle.com - Google Security Team

Direct URL: http://osvdb.org/28135

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

N/A

Cscope

References

Credit