Vulnerability Name:

CVE-2009-0148 (CCN-50302)

Assigned: 2009-04-30
Published: 2009-04-30
Updated: 2017-09-29
Summary: Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases.
Note: this issue exists because of an incomplete fix for CVE-2004-2541.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2009-0148

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-05-12

Source: CCN
Type: RHSA-2009-1101
Moderate: cscope security update

Source: CCN
Type: RHSA-2009-1102
Moderate: cscope security update

Source: CCN
Type: SA34978
Cscope Multiple Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
34978

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35074

Source: SECUNIA
Type: Vendor Advisory
35213

Source: SECUNIA
Type: Vendor Advisory
35214

Source: SECUNIA
Type: Vendor Advisory
35462

Source: GENTOO
Type: UNKNOWN
GLSA-200905-02

Source: CCN
Type: SECTRACK ID: 1022218
Mac OS X CFF Font and Cscope Source File Bugs Let Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: Patch
http://sourceforge.net/forum/forum.php?forum_id=947983

Source: MLIST
Type: UNKNOWN
[cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5

Source: CCN
Type: SourceForge.net: Files
cscope, File Release Notes and Changelog, Release Name: 15.7a

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-002 / Mac OS X v10.5.7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3549

Source: CCN
Type: ASA-2009-235
cscope security update (RHSA-2009-1102)

Source: CCN
Type: ASA-2009-236
cscope security update (RHSA-2009-1101)

Source: DEBIAN
Type: UNKNOWN
DSA-1806

Source: DEBIAN
Type: DSA-1806
cscope -- buffer overflows

Source: CCN
Type: GLSA-200905-02
Cscope: User-assisted execution of arbitrary code

Source: MLIST
Type: UNKNOWN
[oss-security] 20090506 Re: Old cscope buffer overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1101

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1102

Source: BID
Type: UNKNOWN
34805

Source: CCN
Type: BID-34805
Cscope Multiple Stack Based Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022218

Source: CERT
Type: US Government Resource
TA09-133A

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1238

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1297

Source: CCN
Type: Red Hat Bugzilla Bug 490667
CVE-2009-0148 cscope: multiple buffer overflows

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=490667

Source: XF
Type: UNKNOWN
cscope-files-bo(50302)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9633

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:cscope:cscope:13.0:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.0bl2:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.1:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.3:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.4:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.6:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.7:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.7:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.6:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.4:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.3:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.1:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:13.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:29254 | P | RHSA-2009:1102 -- cscope security update (Moderate) | 2015-08-17
    oval:org.mitre.oval:def:13645 | P | DSA-1806-1 cscope -- buffer overflows | 2014-06-23
    oval:org.mitre.oval:def:8245 | P | DSA-1806 cscope -- buffer overflows | 2014-06-23
    oval:org.mitre.oval:def:22213 | P | ELSA-2009:1102: cscope security update (Moderate) | 2014-05-26
    oval:org.mitre.oval:def:9633 | V | Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | 2013-04-29
    oval:com.redhat.rhsa:def:20091101 | P | RHSA-2009:1101: cscope security update (Moderate) | 2009-06-15
    oval:com.redhat.rhsa:def:20091102 | P | RHSA-2009:1102: cscope security update (Moderate) | 2009-06-15
    oval:org.debian:def:1806 | V | buffer overflows | 2009-05-24
    cscope cscope 13.0
    cscope cscope 15.0bl2
    cscope cscope 15.1
    cscope cscope 15.3
    cscope cscope 15.4
    cscope cscope 15.5
    cscope cscope 15.6
    cscope cscope 15.7
    cscope cscope 15.5
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.4.11
    apple mac os x 10.5.1
    apple mac os x server 10.4.11
    apple mac os x server 10.5.1
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    apple mac os x 10.5.4
    apple mac os x server 10.5.4
    apple mac os x 10.5.5
    apple mac os x server 10.5.5
    apple mac os x 10.5.6
    apple mac os x server 10.5.6
    cscope cscope 15.7
    cscope cscope 15.6
    cscope cscope 15.4
    cscope cscope 15.3
    cscope cscope 15.1
    cscope cscope 13.0
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    debian debian linux 5.0