Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0996

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0996
Last Modified 07 Mar 2011 09:16:30
Published 10 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0996

Summary

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

  • Gentoo Linux

  • Sco Unixware 7.1.1

  • Sco Unixware 7.1.3

  • Sco Unixware 7.1.4

Application

  • Cscope 13.0

  • Cscope 15.1

  • Cscope 15.3

  • Cscope 15.4

  • Cscope 15.5


References

BID - 11697

DEBIAN - DSA-610

XF - cscope-tmp-race-condition(18125)

VUPEN - ADV-2007-2732

BUGTRAQ - 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

BUGTRAQ - 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

GENTOO - GLSA-200412-11

BID - 25159

SECUNIA - 26235

BUGTRAQ - 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability

APPLE - APPLE-SA-2007-07-31

CONFIRM - http://docs.info.apple.com/article.html?artnum=306172

Related Patches

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server Universal) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Universal) (Rev 2)


Last Updated: 27 May 2016 10:38:50