Bug 490667 (CVE-2004-2541, CVE-2009-0148)

Summary: CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: kreilly, mjc, nhorman, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-04 14:44:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 499197, 499198, 499199, 499200, 499201, 505605, 833883    
Bug Blocks:    
Attachments:
Description Flags
Original Debian patch for CVE-2004-2541 none

Description Tomas Hoger 2009-03-17 15:12:32 UTC 
Apple Security Team reported multiple buffer overflows in cscope, caused by insecure sprintf usage.  Processing a maliciously crafted source file with cscope may lead to an unexpected application termination or arbitrary code execution.
Comment 3 Tomas Hoger 2009-05-04 07:37:28 UTC 
Fixed upstream in 15.7a:
  http://sourceforge.net/forum/forum.php?forum_id=947983

Upstream commits:
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015C-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
Comment 4 Tomas Hoger 2009-05-05 14:38:11 UTC 
This CVE is duplicate / re-occurrence of old issue CVE-2004-2541:

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

It seems the original issue was not completely fixed upstream previously.
Comment 8 Tomas Hoger 2009-05-06 09:11:49 UTC 
Created attachment 342619 [details]
Original Debian patch for CVE-2004-2541
Comment 10 errata-xmlrpc 2009-06-15 21:10:59 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1102 https://rhn.redhat.com/errata/RHSA-2009-1102.html
Comment 11 errata-xmlrpc 2009-06-15 21:12:44 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3

Via RHSA-2009:1101 https://rhn.redhat.com/errata/RHSA-2009-1101.html