Executive Summary
Summary | |
---|---|
Title | New cscope packages fix insecure temporary file creation |
Informations | |||
---|---|---|---|
Name | DSA-610 | First vendor Publication | 2004-12-17 |
Vendor | Debian | Last vendor Modification | 2004-12-17 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been discovered in cscope, a program to interactively examine C source code, which may allow local users to overwrite files via a symlink attack. For the stable distribution (woody) this problem has been fixed in version 15.3-1woody2. For the unstable distribution (sid) this problem has been fixed in version 15.5-1. We recommend that you upgrade your cscope package. |
Original Source
Url : http://www.debian.org/security/2004/dsa-610 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-11 (cscope) File : nvt/glsa_200412_11.nasl |
2008-09-04 | Name : FreeBSD Ports: cscope File : nvt/freebsd_cscope.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 610-1 (cscope) File : nvt/deb_610_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
11919 | Cscope Tempfile Symlink Arbitrary File Deletion Cscope contains a flaw that may allow a malicious user to predict an upcoming temporary filename and use a symlink attack to cause corruption and removal of arbitrary system files. The product utilizes the directory found in the environment variable "TMPDIR" to store it's temporary files. During creation of these temporary files, cscope adheres to a predictable naming scheme for the filenames and does not check for an existing file by the chosen name. This issue may result in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a7bfd423484f11d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2004-12-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-610.nasl - Type : ACT_GATHER_INFO |
2004-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-11.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:39 |
|