Rapid7 Vulnerability & Exploit Database

RHSA-2009:1102: cscope security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/05/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-cscope
