CVE-2004-2541: Buffer Overflow
First published: Fri Dec 31 2004(Updated: )
Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cscope | <0:15.5-15.1.el5_3.1 | 0:15.5-15.1.el5_3.1 |
| cscope | =15.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/tracker/index.php?func=detail&aid=1064875&group_id=4664&atid=104664
- http://www.osvdb.org/11920
- http://secunia.com/advisories/13237
- http://www.debian.org/security/2006/dsa-1064
- http://secunia.com/advisories/20191
- http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml
- http://secunia.com/advisories/20564
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://www.securityfocus.com/bid/18050
- http://www.securityfocus.com/bid/25159
- http://secunia.com/advisories/26235
- https://bugzilla.redhat.com/show_bug.cgi?id=490667
- http://www.redhat.com/support/errata/RHSA-2009-1101.html
- http://www.redhat.com/support/errata/RHSA-2009-1102.html
- http://secunia.com/advisories/35462
- http://www.vupen.com/english/advisories/2007/2732
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10069
- http://sourceforge.net/forum/forum.php?forum_id=947983
- http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
- http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015C-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=342619&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=342619&action=edit
- https://access.redhat.com/security/cve/CVE-2004-2541
- https://rhn.redhat.com/errata/RHSA-2009-1102.html
- https://rhn.redhat.com/errata/RHSA-2009-1101.html
- https://www.cve.org/CVERecord?id=CVE-2004-2541 https://nvd.nist.gov/vuln/detail/CVE-2004-2541
- https://access.redhat.com/errata/RHSA-2009:1101
- https://access.redhat.com/errata/RHSA-2009:1102
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2541.json
Frequently Asked Questions
What is the severity of CVE-2004-2541?
CVE-2004-2541 is considered to have a critical severity level due to its potential to allow remote code execution.
How do I fix CVE-2004-2541?
To fix CVE-2004-2541, you should upgrade to the fixed version of cscope, specifically the remedy version 0:15.5-15.1.el5_3.1 or later.
What is the nature of the vulnerability described in CVE-2004-2541?
CVE-2004-2541 is a buffer overflow vulnerability that can be exploited by remote attackers through specially crafted C files.
Which versions of cscope are affected by CVE-2004-2541?
CVE-2004-2541 specifically affects cscope version 15.5.
Can CVE-2004-2541 be exploited locally?
CVE-2004-2541 is primarily a remote vulnerability, meaning it is exploited over a network rather than locally.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2004-2541
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/cscope
- canonical/cscope
- version/cscope/15.5