Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.

From Red Hat Security Advisory 2009:1102 :

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

From Red Hat Security Advisory 2009:1101 :

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)

All running instances of cscope must be restarted for this update to take effect.

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

Secunia reports :

Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted files or directories.

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

The remote host is affected by the vulnerability described in GLSA-200905-02 (Cscope: User-assisted execution of arbitrary code)

    James Peach of Apple discovered a stack-based buffer overflow in     cscope's handling of long file system paths (CVE-2009-0148). Multiple     stack-based buffer overflows were reported in the putstring function     when processing an overly long function name or symbol in a source code     file (CVE-2009-1577).
  Impact :

    A remote attacker could entice a user to open a specially crafted     source file, possibly resulting in the remote execution of arbitrary     code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.

The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. 

Mac OS X 10.5.7 contains security fixes for the following products :

  - Apache
  - ATS
  - BIND
  - CFNetwork
  - CoreGraphics
  - Cscope
  - CUPS
  - Disk Images
  - enscript
  - Flash Player plug-in
  - Help Viewer
  - iChat
  - International Components for Unicode
  - IPSec
  - Kerberos
  - Kernel
  - Launch Services
  - libxml
  - Net-SNMP
  - Network Time
  - Networking
  - OpenSSL
  - PHP
  - QuickDraw Manager
  - ruby
  - Safari
  - Spotlight
  - system_cmds
  - telnet
  - Terminal
  - WebKit
  - X11

The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied.

This security update contains fixes for the following products :

  - Apache
  - ATS
  - BIND
  - CoreGraphics
  - Cscope
  - CUPS
  - Disk Images
  - enscript
  - Flash Player plug-in
  - Help Viewer
  - IPSec
  - Kerberos
  - Launch Services
  - libxml
  - Net-SNMP
  - Network Time
  - OpenSSL
  - QuickDraw Manager
  - Spotlight
  - system_cmds
  - telnet
  - Terminal
  - X11

The remote host is running a version of Mac OS X 10.5 that is older than version 10.5.7.  Mac OS X 10.5.7 contains security fixes for the following products : 

- Apache
- ATS
- BIND
- CFNetwork
- CoreGraphics
-Cscope
- CUPS
- Disk Images
- enscript
- Flash player
- Help Viewer
- iChat
- Internation Components for Unicode
- IPSec
- Kerberos
- Kernel
- Launch Services
- libxml
- Net-SNMP
- Network Time
- Networking
- OpenSSL
- PHP
- QuickDraw Manager
- ruby
- Safari
- Spotlight
- system_cmds
- telnet
- WebKit
- X11
- Terminal

ID	Name	Product	Family	Severity
67873	Oracle Linux 5 : cscope (ELSA-2009-1102)	Nessus	Oracle Linux Local Security Checks	high
67872	Oracle Linux 3 / 4 : cscope (ELSA-2009-1101)	Nessus	Oracle Linux Local Security Checks	high
60595	Scientific Linux Security Update : cscope on SL3.x, SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
43756	CentOS 5 : cscope (CESA-2009:1102)	Nessus	CentOS Local Security Checks	high
39428	FreeBSD : cscope -- multiple buffer overflows (c14aa48c-5ab7-11de-bc9b-0030843d3802)	Nessus	FreeBSD Local Security Checks	high
39424	CentOS 3 : cscope (CESA-2009:1101)	Nessus	CentOS Local Security Checks	high
39413	RHEL 5 : cscope (RHSA-2009:1102)	Nessus	Red Hat Local Security Checks	high
39412	RHEL 3 / 4 : cscope (RHSA-2009:1101)	Nessus	Red Hat Local Security Checks	high
38883	GLSA-200905-02 : Cscope: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
38880	Debian DSA-1806-1 : cscope - buffer overflows	Nessus	Debian Local Security Checks	high
38744	Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
38743	Mac OS X Multiple Vulnerabilities (Security Update 2009-002)	Nessus	MacOS X Local Security Checks	critical
5023	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
800792	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high

Detections

Analytics

CVE-2009-0148

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

critical

critical

critical

high