Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 133829 - dev-util/cscope arbitrary code execution
Summary: dev-util/cscope arbitrary code execution
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa] DerCorny
Depends on:
Reported: 2006-05-19 18:51 UTC by Harlan Lieberman-Berg (RETIRED)
Modified: 2019-12-22 11:57 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-05-19 18:51:51 UTC
Very large number of buffer overflows exist in cscope <=15.5.  Most deal with user controlled factors (enviorment variables, filenames), but theoretically, if someone inserted a carefully managed a #include statement on a largely distributed source (the kernel, firefox, open office, etc), they could overflow the buffer on a large number of computers.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-20 07:49:34 UTC
vim or emacs herd, please check if we are really vulnerable (seems to be an old problem) and provide fixed ebuilds in case that we are, thank you.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-05-30 11:09:52 UTC
vim/emacs teams: please advise
Comment 3 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-30 11:40:33 UTC
Can you provide a pointer to the list of vulnerabilities?  I'm not sure what you're asking -- do you want us to do a code audit?
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-05-30 13:29:59 UTC
No, was asking if you could provide some insight on that problem, like if you know about a patch or a new version that we could bump to. 

The closest thing we have to a patch would be in :
Comment 5 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-30 20:04:51 UTC
It is my opinion that our port is vulnerable.  cscope-15.5-r5.ebuild includes several patches but none of them address the 30+ potential buffer overflows the debian patch at addresses.
Comment 6 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-31 09:21:18 UTC
mkennedy, since you are in the emacs herd and said that we are probably vulnerable, could you please provide a fixed revbump?
Comment 7 Matthew Kennedy (RETIRED) gentoo-dev 2006-05-31 21:04:31 UTC
revbumped to cscope-5.15-r6.ebuild w/ the following:

src_unpack() {
	unpack ${A}

	# ~30 buffer overflows fix: Gentoo Bug #133829, patch developed by
	# the Debian Security Team (thanks to those guys), CVE-2004-2541,
	# Moritz Muehlenhoff.  The Debian patch also includes the tempfile
	# fix (previously ${PN}-${PV}-tempfile.patch)
	epatch ${P}-debian-security.patch

Comment 8 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-31 21:14:21 UTC
arches please test and stable cscope-5.15-r6, thanks
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2006-05-31 23:45:09 UTC
cscope-15.5-r6 stable on ppc64
Comment 10 Thomas Cort (RETIRED) gentoo-dev 2006-06-01 10:02:29 UTC
alpha stable.
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2006-06-01 11:13:17 UTC
ppc stable
Comment 12 Thomas Cort (RETIRED) gentoo-dev 2006-06-01 11:18:38 UTC
amd64 stable.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2006-06-01 11:29:44 UTC
sparc stable.
Comment 14 Joshua Jackson (RETIRED) gentoo-dev 2006-06-01 21:09:13 UTC
x86 done *~_~*
Comment 15 René Nussbaumer (RETIRED) gentoo-dev 2006-06-03 02:35:36 UTC
stable on hppa
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-11 13:20:38 UTC
GLSA 200606-10

arm, ia64, mips, s390 don't forget to mark stable to benifit from the GLSA.