Bug 133829

Summary:	dev-util/cscope arbitrary code execution
Product:	Gentoo Security	Reporter:	Harlan Lieberman-Berg (RETIRED) <hlieberman>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	emacs, vim
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541
Whiteboard:	B2 [glsa] DerCorny
Package list:		Runtime testing required:	---

Description Harlan Lieberman-Berg (RETIRED) gentoo-dev

2006-05-19 18:51:51 UTC

Very large number of buffer overflows exist in cscope <=15.5.  Most deal with user controlled factors (enviorment variables, filenames), but theoretically, if someone inserted a carefully managed a #include statement on a largely distributed source (the kernel, firefox, open office, etc), they could overflow the buffer on a large number of computers.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-05-20 07:49:34 UTC

vim or emacs herd, please check if we are really vulnerable (seems to be an old problem) and provide fixed ebuilds in case that we are, thank you.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2006-05-30 11:09:52 UTC

vim/emacs teams: please advise

Comment 3 Matthew Kennedy (RETIRED) gentoo-dev

2006-05-30 11:40:33 UTC

Can you provide a pointer to the list of vulnerabilities?  I'm not sure what you're asking -- do you want us to do a code audit?

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2006-05-30 13:29:59 UTC

No, was asking if you could provide some insight on that problem, like if you know about a patch or a new version that we could bump to. 

The closest thing we have to a patch would be in :
http://www.us.debian.org/security/2006/dsa-1064

Comment 5 Matthew Kennedy (RETIRED) gentoo-dev

2006-05-30 20:04:51 UTC

It is my opinion that our port is vulnerable.  cscope-15.5-r5.ebuild includes several patches but none of them address the 30+ potential buffer overflows the debian patch at http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1.diff.gz addresses.

Comment 6 Stefan Cornelius (RETIRED) gentoo-dev

2006-05-31 09:21:18 UTC

mkennedy, since you are in the emacs herd and said that we are probably vulnerable, could you please provide a fixed revbump?

Comment 7 Matthew Kennedy (RETIRED) gentoo-dev

2006-05-31 21:04:31 UTC

revbumped to cscope-5.15-r6.ebuild w/ the following:

src_unpack() {
	unpack ${A}

	# ~30 buffer overflows fix: Gentoo Bug #133829, patch developed by
	# the Debian Security Team (thanks to those guys), CVE-2004-2541,
	# Moritz Muehlenhoff.  The Debian patch also includes the tempfile
	# fix (previously ${PN}-${PV}-tempfile.patch)
	epatch ${P}-debian-security.patch

Comment 8 Stefan Cornelius (RETIRED) gentoo-dev

2006-05-31 21:14:21 UTC

arches please test and stable cscope-5.15-r6, thanks

Comment 9 Markus Rothe (RETIRED) gentoo-dev

2006-05-31 23:45:09 UTC

cscope-15.5-r6 stable on ppc64

Comment 10 Thomas Cort (RETIRED) gentoo-dev

2006-06-01 10:02:29 UTC

alpha stable.

Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev

2006-06-01 11:13:17 UTC

ppc stable

Comment 12 Thomas Cort (RETIRED) gentoo-dev

2006-06-01 11:18:38 UTC

amd64 stable.

Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev

2006-06-01 11:29:44 UTC

sparc stable.

Comment 14 Joshua Jackson (RETIRED) gentoo-dev

2006-06-01 21:09:13 UTC

x86 done *~_~*

Comment 15 René Nussbaumer (RETIRED) gentoo-dev

2006-06-03 02:35:36 UTC

stable on hppa

Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-06-11 13:20:38 UTC

GLSA 200606-10

arm, ia64, mips, s390 don't forget to mark stable to benifit from the GLSA.