1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200610-08 / cscope |
| Release Date | October 20, 2006 |
| Latest Revision | October 20, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-util/cscope | < 15.5.20060927 | >= 15.5.20060927 | All supported architectures |
Related bugreports: #144869
Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.
Cscope is a developer's tool for browsing source code.
Unchecked use of strcpy() and *scanf() leads to several buffer overflows.
A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope.
There is no known workaround at this time.
All Cscope users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927" |