漏洞信息详情
Cscope sprintf()调用栈溢出漏洞
- CNNVD编号:CNNVD-200905-046
- 危害等级: 中危
- CVE编号: CVE-2009-0148
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-05-05
- 威胁类型: 远程
- 更新时间: 2009-06-23
- 厂 商: cscope
- 漏洞来源: Tomas Hoger ...
漏洞简介
Cscope是开发人员用于查看源码的工具。
Cscope的sprintf()调用中存在多个栈溢出漏洞。如果用户受骗查看了特制的文件或目录并使用超长的路径名称或源码字符串调用了有漏洞函数的话,就可能触发这个溢出,导致拒绝服务或执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://sourceforge.net/project/downloading.php?group_id=4664 amp;filename=cscope-15.7a.tar.bz2
参考网址
来源: US-CERT
名称: TA09-133A
链接:http://www.us-cert.gov/cas/techalerts/TA09-133A.HTML
来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527
来源: sourceforge.net
链接:http://sourceforge.net/forum/forum.php?forum_id=947983
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=490667
来源: VUPEN
名称: ADV-2009-1297
链接:http://www.vupen.com/english/advisories/2009/1297
来源: VUPEN
名称: ADV-2009-1238
链接:http://www.vupen.com/english/advisories/2009/1238
来源: SECTRACK
名称: 1022218
链接:http://www.securitytracker.com/id?1022218
来源: BID
名称: 34805
链接:http://www.securityfocus.com/bid/34805
来源: REDHAT
名称: RHSA-2009:1102
链接:http://www.redhat.com/support/errata/RHSA-2009-1102.HTML
来源: REDHAT
名称: RHSA-2009:1101
链接:http://www.redhat.com/support/errata/RHSA-2009-1101.HTML
来源: MLIST
名称: [oss-security] 20090506 Re: Old cscope buffer overflow
链接:http://www.openwall.com/lists/oss-security/2009/05/06/9
来源: DEBIAN
名称: DSA-1806
链接:http://www.debian.org/security/2009/dsa-1806
来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3549
来源: MLIST
名称: [cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5
链接:http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
来源: GENTOO
名称: GLSA-200905-02
链接:http://security.gentoo.org/glsa/glsa-200905-02.xml
来源: SECUNIA
名称: 35462
链接:http://secunia.com/advisories/35462
来源: SECUNIA
名称: 35214
链接:http://secunia.com/advisories/35214
来源: SECUNIA
名称: 35213
链接:http://secunia.com/advisories/35213
来源: SECUNIA
名称: 35074
链接:http://secunia.com/advisories/35074
来源: SECUNIA
名称: 34978
链接:http://secunia.com/advisories/34978
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-05-12
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/May/msg00002.HTML
受影响实体
- Cscope Cscope:15.5
- Cscope Cscope:15.6
- Cscope Cscope:15.7
- Cscope Cscope:13.0
- Cscope Cscope:15.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论