CVE-2004-0996

Properties

Published:
09.01.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    Cscope: Cscope
    Cscope: Cscope
    Cscope: Cscope
    Cscope: Cscope
    Cscope: Cscope
    Debian: Debian Linux
    Debian: Debian Linux
    Debian: Debian Linux
    Debian: Debian Linux
    Debian: Debian Linux
    Debian: Debian Linux
    Debian: Debian Linux

    Vulnerability description

    main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

    References:

    Security Focus: http://www.securityfocus.com/bid/11697
    ISS X-Force: http://xforce.iss.net/xforce/xfdb/18125
    Debian: http://www.debian.org/security/2004/dsa-610
    BUGTRAQ: http://www.securityfocus.com/archive/1/381443
    BUGTRAQ: http://www.securityfocus.com/archive/1/381506
    BUGTRAQ: http://www.securityfocus.com/archive/1/381611
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110133485519690&w=2
    GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml