User: Password:
Subscribe / Log in / New account

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
CentOS CESA-2009:1102 cscope 2009-06-19
CentOS CESA-2009:1101 cscope 2009-06-16
Red Hat RHSA-2009:1102-01 cscope 2009-06-15
Red Hat RHSA-2009:1101-01 cscope 2009-06-15
Gentoo 200606-10 cscope 2006-06-11
Debian DSA-1064-1 cscope 2006-05-19

(Log in to post comments)

cscope: buffer overflows

Posted Jun 1, 2006 12:14 UTC (Thu) by jfj (guest, #37917) [Link]

Can we please stop treating every buffer overflow as a security threat?

This is a bug. A segmentation fault is a bug.

A segmentation fault is a denial of service when it brings down a server.
A buffer overflow is execution of arbitary code, when it can be trigerred with data from the network for which the use is not aware that is being processed. A buffer overflow in PNG which is used by mozilla *is* a serious security threat. A buffer overflow in cscope is merely a bug. cscope is a tool for developers who usually take a look at the C files they are going to process (and very possibly have compiled them before analysing with cscope). It's not like a mail will come "Hi! I have attached a C file. Please analyse it with cscope. Thank you, anonymous".

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds