FreeBSD : cscope -- Buffer Overflow Vulnerabilities (74ff10f6-520f-11db-8f1a-000a48049292)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Will Drewry has reported some vulnerabilities in Cscope, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Various boundary errors within the parsing of file lists or the
expansion of environment variables can be exploited to cause
stack-based buffer overflows when parsing specially crafted
'cscope.lists' files or directories.

A boundary error within the parsing of command line arguments can be
exploited to cause a stack-based buffer overflow when supplying an
overly long 'reffile' argument.

Successful exploitation may allow execution of arbitrary code.

See also :

http://www.nessus.org/u?445bed66
http://www.nessus.org/u?b4af5f8e
http://www.nessus.org/u?38db3aa9

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22517 (freebsd_pkg_74ff10f6520f11db8f1a000a48049292.nasl)

Bugtraq ID: 19686
19687

CVE ID: CVE-2006-4262

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now