Debian Bug report logs - #385893
CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities


Package: cscope; Maintainer for cscope is Tobias Klauser <tklauser@distanz.ch>; Source for cscope is src:cscope.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 3 Sep 2006 20:33:05 UTC

Severity: grave

Tags: patch, security

Found in versions 15.5+cvs20050816-2, 15.5-1.1sarge1

Fixed in versions 15.5+cvs20060902-1, 15.5-1.1sarge2

Done: Tobias Klauser <tklauser@access.unizh.ch>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian QA Group <packages@qa.debian.org>:
Bug#385893; Package cscope. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities
Date: Sun, 03 Sep 2006 21:53:24 +0200
Package: cscope
Severity: grave
Tags: security patch
Justification: user security hole


Some vulnerabilities have been found in cscope:

Multiple buffer overflows in cscope 15.5 and earlier allow
user-assisted attackers to cause a denial of service (crash) and
possibly execute arbitrary code via multiple vectors including (1) a
long pathname that is not properly handled during file list parsing,
(2) long pathnames that result from path variable expansion such as
tilde expansion for the HOME environment variable, and (3) a long -f
(aka reffile) command line argument.


The Secunia advisory points to some patches:
http://secunia.com/advisories/21601
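
Added example, not cscope's code or the upstream patch: each vector in the description above involves a pathname longer than the buffer receiving it, and this C code shows the length checks for a file-list line and for tilde expansion, rejecting overlong results instead of truncating them. `EX_PATHLEN`, the function names, `/home/user` and the sample list are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define EX_PATHLEN 250  /* constructed buffer size for this example */

/* Expand a leading "~" or "~/" with `home` into out[outlen].
 * Returns 0, or -1 if the result would not fit (truncation is an error). */
int expand_tilde(const char *in, const char *home, char *out, size_t outlen)
{
    int n;
    if (outlen == 0) return -1;
    if (in[0] == '~' && (in[1] == '/' || in[1] == '\0') && home != NULL)
        n = snprintf(out, outlen, "%s%s", home, in + 1);
    else
        n = snprintf(out, outlen, "%s", in);
    if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return -1; }
    return 0;
}

/* Next line of an in-memory file list: 1 = copied, 0 = end of list,
 * -1 = too long (whole line skipped, its tail is not read as a new path). */
int next_list_entry(const char **cur, char *out, size_t outlen)
{
    const char *s = *cur;
    size_t len = strcspn(s, "\n");
    if (*s == '\0') return 0;
    *cur = s + len + (s[len] == '\n');
    if (len >= outlen) return -1;
    memcpy(out, s, len);
    out[len] = '\0';
    return 1;
}

/* Constructed list: two normal entries, a 300-byte line, an entry that only
 * overflows after ~ expansion, and a last entry without a newline. */
int demo(int *rejected)
{
    char list[1024], raw[EX_PATHLEN], path[EX_PATHLEN], *p = list;
    const char *cur = list;
    int r, ok = 0;
    p += snprintf(p, 64, "src/main.c\n~/proj/a.c\n");
    memset(p, 'A', 300); p += 300; *p++ = '\n';
    *p++ = '~'; *p++ = '/'; memset(p, 'b', 240); p += 240;
    snprintf(p, 16, "\nlast.c");
    for (*rejected = 0; (r = next_list_entry(&cur, raw, sizeof raw)) != 0; )
        if (r == 1 && expand_tilde(raw, "/home/user", path, sizeof path) == 0) ok++;
        else (*rejected)++;
    return ok;
}
int main(void) { int rej, ok = demo(&rej); printf("accepted=%d rejected=%d\n", ok, rej); return 0; }
```

The same `expand_tilde` check applies unchanged to a path taken from the command line, since an argument without a tilde is simply length-checked and copied.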



Message sent on to Stefan Fritsch <sf@sfritsch.de>:
Bug#385893. Full text and rfc822 format available.

Message #8 received at 385893-submitter@bugs.debian.org (full text, mbox):

From: Tobias Klauser <tklauser@access.unizh.ch>
To: 385893-submitter@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities
Date: Mon, 4 Sep 2006 09:07:27 +0200

Thanks for your report.

These vulnerabilities are fixed by the upload of 15.5+cvs20060902-1
(which is a CVS snapshot incorporating them). Obviously I was not
inspecting the upstream changelog good enough so this was not
mentioned in the changelog. Sorry!

WRT to cscope in stable I can prepare patches if needed.

Thanks, Tobias



Bug marked as found in version 15.5+cvs20050816-2. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as found in version 15.5-1.1sarge1. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 15.5+cvs20060902-1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information stored:
Bug#385893; Package cscope. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #19 received at 385893-quiet@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Tobias Klauser <tklauser@access.unizh.ch>, 385893-quiet@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#385893: CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities
Date: Mon, 4 Sep 2006 23:45:59 +0200

package cscope
found 385893 15.5+cvs20050816-2
found 385893 15.5-1.1sarge1
close 385893 15.5+cvs20060902-1
thanks

> These vulnerabilities are fixed by the upload of 15.5+cvs20060902-1
> (which is a CVS snapshot incorporating them). Obviously I was not
> inspecting the upstream changelog good enough so this was not
> mentioned in the changelog. Sorry!

No problem. Maybe you can add the CVE-id to the changelog on the next 
upload. Thanks.

Cheers,
Stefan



Information stored:
Bug#385893; Package cscope. Full text and rfc822 format available.

Acknowledgement sent to Tobias Klauser <tklauser@access.unizh.ch>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #24 received at 385893-quiet@bugs.debian.org (full text, mbox):

From: Tobias Klauser <tklauser@access.unizh.ch>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 385893-quiet@bugs.debian.org
Subject: Re: CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities
Date: Sun, 10 Sep 2006 18:52:26 +0200

On 2006-09-10 at 14:53:03 +0200, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Tobias Klauser wrote:
> > Thanks for your report.
> > 
> > These vulnerabilities are fixed by the upload of 15.5+cvs20060902-1
> > (which is a CVS snapshot incorporating them). Obviously I was not
> > inspecting the upstream changelog good enough so this was not
> > mentioned in the changelog. Sorry!
> > 
> > WRT to cscope in stable I can prepare patches if needed.
> 
> Please go ahead.

Attached is the patch against cscope-15.5-1.1sarge1. It was taken from
upstream CVS according to the changelog [1] and adapted to this version.

[1]
http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500

I built the package with the patch applied on sarge with pbuilder and
there were no problems.

Hope that helps,
Tobias
[cve-2006-4262.diff (text/plain, attachment)]

Information stored:
Bug#385893; Package cscope. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #29 received at 385893-quiet@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Tobias Klauser <tklauser@access.unizh.ch>
Cc: 385893-quiet@bugs.debian.org
Subject: Re: CVE-2006-4262: Cscope Buffer Overflow Vulnerabilities
Date: Sun, 24 Sep 2006 23:33:03 +0200

Tobias Klauser wrote:
> Attached is the patch against cscope-15.5-1.1sarge1. It was taken from
> upstream CVS according to the changelog [1] and adapted to this version.

Thanks, update is building now.

Cheers,
        Moritz



Bug marked as fixed in version 15.5-1.1sarge2, send any further explanations to Stefan Fritsch <sf@sfritsch.de>. Request was from Tobias Klauser <tklauser@access.unizh.ch> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 04:47:08 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 13:28:52 2014; Machine Name: beach.debian.org
