LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19
(Log in to post comments)

cscope: buffer overflows

Posted Jun 1, 2006 12:14 UTC (Thu) by jfj (guest, #37917) [Link]

Can we please stop treating every buffer overflow as a security threat?

This is a bug. A segmentation fault is a bug.

A segmentation fault is a denial of service when it brings down a server.
A buffer overflow is execution of arbitary code, when it can be trigerred with data from the network for which the use is not aware that is being processed. A buffer overflow in PNG which is used by mozilla *is* a serious security threat. A buffer overflow in cscope is merely a bug. cscope is a tool for developers who usually take a look at the C files they are going to process (and very possibly have compiled them before analysing with cscope). It's not like a mail will come "Hi! I have attached a C file. Please analyse it with cscope. Thank you, anonymous".

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds