Vulnerability in Cscope
CVE-2004-0996
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
EPSS: 0.011 (62.6th percentile) — read the EPSS interpretation.
Affected products
- Cscope — versions 13.0, 15.1, 15.3
- Gentoo Linux
- Sco Unixware — versions 7.1.1, 7.1.3, 7.1.4
- Debian Debian_linux — versions 3.0
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)