CentOS Update for cscope CESA-2009:1102 centos5 i386

2011-08-0900:00:00

plugins.openvas.org

7.6 High

AI Score

Confidence

High

0.592 Medium

EPSS

Percentile

97.7%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2009-June/015989.html");
  script_oid("1.3.6.1.4.1.25623.1.0.880875");
  script_version("2023-07-12T05:05:04+0000");
  script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name:"CESA", value:"2009:1102");
  script_cve_id("CVE-2004-2541", "CVE-2009-0148");
  script_name("CentOS Update for cscope CESA-2009:1102 centos5 i386");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'cscope'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
  script_tag(name:"affected", value:"cscope on CentOS 5");
  script_tag(name:"insight", value:"cscope is a mature, ncurses-based, C source-code tree browsing tool.

  Multiple buffer overflow flaws were found in cscope. An attacker could
  create a specially crafted source code file that could cause cscope to
  crash or, possibly, execute arbitrary code when browsed with cscope.
  (CVE-2004-2541, CVE-2009-0148)

  All users of cscope are advised to upgrade to this updated package, which
  contains backported patches to fix these issues. All running instances of
  cscope must be restarted for this update to take effect.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS5")
{

  if ((res = isrpmvuln(pkg:"cscope", rpm:"cscope~15.5~15.1.el5_3.1", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}