FreeBSD : cscope -- Buffer Overflow Vulnerabilities (74ff10f6-520f-11db-8f1a-000a48049292)

NASLDB: FreeBSD : cscope -- Buffer Overflow Vulnerabilities (74ff10f6-520f-11db-8f1a-000a48049292)

General

ID: 22517
Name: FreeBSD : cscope — Buffer Overflow Vulnerabilities (74ff10f6-520f-11db-8f1a-000a48049292)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

Secunia reports :

Will Drewry has reported some vulnerabilities in Cscope, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Various boundary errors within the parsing of file lists or the
expansion of environment variables can be exploited to cause
stack-based buffer overflows when parsing specially crafted
‘cscope.lists’ files or directories.

A boundary error within the parsing of command line arguments can be
exploited to cause a stack-based buffer overflow when supplying an
overly long ‘reffile’ argument.

Successful exploitation may allow execution of arbitrary code.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2006-4262
OSVDB: –
Bugtraq: 19686
scipID: –

Timeline

Vulnerability Disclosure: 2006/08/20
Patch Release: 2006/10/02
Plugin Release: 2006/10/10

Plugin

Version: 1.13
Filename: freebsd_pkg_74ff10f6520f11db8f1a000a48049292.nasl
Filesize: 5205 bytes
MD5 Hash: 806f90d944482392e13c347fb90d59c8

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG