Vulnerability CVE-2004-2541

Vulnerability Name:

CVE-2004-2541 (CCN-35730)

Assigned:

2004-12-31

Published:

2004-12-31

Updated:

2017-10-11

Summary:

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-2541

Source: CCN
Type: Apple Security Update 2007-007
About Security Update 2007-007

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306172

Source: CCN
Type: Apple Web site
Apple security updates

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-07-31

Source: CCN
Type: RHSA-2009-1101
Moderate: cscope security update

Source: CCN
Type: RHSA-2009-1102
Moderate: cscope security update

Source: CCN
Type: SA13237
Cscope Insecure Temporary File Creation and Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
13237

Source: SECUNIA
Type: UNKNOWN
20191

Source: SECUNIA
Type: UNKNOWN
20564

Source: CCN
Type: SA26235
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26235

Source: SECUNIA
Type: UNKNOWN
35462

Source: CCN
Type: SourceForge.net
Cscope

Source: MISC
Type: UNKNOWN
http://sourceforge.net/tracker/index.php?func=detail&aid=1064875&group_id=4664&atid=104664

Source: CCN
Type: ASA-2009-235
cscope security update (RHSA-2009-1102)

Source: CCN
Type: ASA-2009-236
cscope security update (RHSA-2009-1101)

Source: DEBIAN
Type: UNKNOWN
DSA-1064

Source: DEBIAN
Type: DSA-1064
cscope -- buffer overflows

Source: CCN
Type: GLSA-200606-10
Cscope: Many buffer overflows

Source: GENTOO
Type: UNKNOWN
GLSA-200606-10

Source: OSVDB
Type: UNKNOWN
11920

Source: CCN
Type: OSVDB ID: 11920
Cscope #include filename Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1101

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1102

Source: BID
Type: UNKNOWN
18050

Source: CCN
Type: BID-18050
Cscope Include Filename Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
25159

Source: CCN
Type: BID-25159
Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-2732

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=490667

Source: XF
Type: UNKNOWN
cscope-cfile-bo(35730)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10069

Vulnerable Configuration:

Configuration 1:

cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20042541	V	CVE-2004-2541	2022-06-30
oval:org.opensuse.security:def:112121	P	cscope-15.9-1.9 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:105658	P	Security update for salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:26137	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:36384	P	cscope-15.6-95.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:27347	P	libslp1-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26359	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:25933	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26651	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27382	P	cscope on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26510	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:25934	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26665	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26563	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25945	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26709	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26275	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:26612	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26009	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.mitre.oval:def:29254	P	RHSA-2009:1102 -- cscope security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:22213	P	ELSA-2009:1102: cscope security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10069	V	Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.	2013-04-29
oval:com.redhat.rhsa:def:20091101	P	RHSA-2009:1101: cscope security update (Moderate)	2009-06-15
oval:com.redhat.rhsa:def:20091102	P	RHSA-2009:1102: cscope security update (Moderate)	2009-06-15
oval:org.debian:def:1064	V	buffer overflows	2006-05-19

BACK