ID CVE-2004-0996
Summary main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
References
Vulnerable Configurations
  • cpe:2.3:a:cscope:cscope:13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cscope:cscope:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cscope:cscope:15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cscope:cscope:15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cscope:cscope:15.5:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 11697
  • 25159
bugtraq
  • 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
  • 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
  • 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability
confirm http://docs.info.apple.com/article.html?artnum=306172
debian DSA-610
gentoo GLSA-200412-11
secunia 26235
vupen ADV-2007-2732
xf cscope-tmp-race-condition(18125)
statements via4
contributor Mark J Cox
lastmodified 2009-04-09
organization Red Hat
statement Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release.
Last major update 11-07-2017 - 01:30
Published 10-01-2005 - 05:00
Last modified 11-07-2017 - 01:30