[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1577

Date: (C)2009-05-07   (M)2017-10-04 


Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECUNIA-35213
GLSA-200905-02
RHSA-2009:1101
http://www.openwall.com/lists/oss-security/2009/05/05/1
http://www.openwall.com/lists/oss-security/2009/05/06/9
cscope-findc-bo(50366)
http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19
http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch
https://bugzilla.redhat.com/show_bug.cgi?id=189666
https://bugzilla.redhat.com/show_bug.cgi?id=499174

CWE    1
CWE-119
OVAL    3
oval:org.secpod.oval:def:200437
oval:org.secpod.oval:def:500702
oval:org.secpod.oval:def:200555

© 2013 SecPod Technologies