Debian: cscope insecure temporary file

    Date: 17 Dec 2004
    Category: Debian
    Posted By: Joe Shakespeare
    A vulnerability has been discovered in cscope, a program to interactively examine C source code, which may allow local users to overwrite files via a symlink attack.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 610-1
    http://www.debian.org/security/                             Martin Schulze
    December 17th, 2004                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : cscope
    Vulnerability  : insecure temporary file
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0996
    BugTraq ID     : 11697
    Debian Bug     : 282815
    
    A vulnerability has been discovered in cscope, a program to
    interactively examine C source code, which may allow local users to
    overwrite files via a symlink attack.
    
    For the stable distribution (woody) this problem has been fixed in
    version 15.3-1woody2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 15.5-1.
    
    We recommend that you upgrade your cscope package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2.dsc
          Size/MD5 checksum:      593 92a1d4fc455afa78d855f61032726cfb
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2.diff.gz
          Size/MD5 checksum:     5750 2e991cad957c7fc76da2f6e05e02162d
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3.orig.tar.gz
          Size/MD5 checksum:   196580 7540514aab8c0a3737ee8dd08a5422ba
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_alpha.deb
          Size/MD5 checksum:   129904 55a18b826ab935a85ff9b1151d7058cf
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_arm.deb
          Size/MD5 checksum:   111498 5da8a35ac3eaba039afa93ac1beba3ae
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_i386.deb
          Size/MD5 checksum:   105106 9dc15376b2fafce9a63cdadae3784b35
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_ia64.deb
          Size/MD5 checksum:   148664 9373976f2b1a14a165b71a04c3ed0c99
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_hppa.deb
          Size/MD5 checksum:   121870 49f6e6a16ad6c9646b18a87790d775ca
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_m68k.deb
          Size/MD5 checksum:   102290 428a0104834961d7e6fc8935d41653e3
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_mips.deb
          Size/MD5 checksum:   119642 358d6239a38bffffc5d767ab3fceb4c4
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_mipsel.deb
          Size/MD5 checksum:   119442 60c6abca0f605bf8efa6e0160716d351
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_powerpc.deb
          Size/MD5 checksum:   114240 00df8d48376af2f93bda799ad9c95e16
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_s390.deb
          Size/MD5 checksum:   111110 c50a7ffc138d41c33ad6c7a7e768ff38
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_sparc.deb
          Size/MD5 checksum:   115174 4e14738f98c36bb1cb7a6d1a63bfc688
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
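
The class of bug named in the advisory, shown as an added C example (not cscope's source and not part of the Debian advisory): a guessable temporary-file name opened without O_EXCL follows a symlink that is already there, while O_CREAT|O_EXCL or mkstemp() does not. All function names and paths are constructed for illustration, and the self-check runs only inside a private scratch directory it creates and removes.

```c
/* Added example: guessable temp-file name vs. exclusive creation (constructed names). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: without O_EXCL, open() follows whatever already sits at the name. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if a file or symlink exists. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it exclusively. */
int open_tmp_mkstemp(char *tmpl) { return mkstemp(tmpl); }

static off_t size_of(const char *p) { struct stat st; return stat(p, &st) ? -1 : st.st_size; }

/* Self-check: a symlink is pre-planted at the guessable name, pointing at
   "precious". Returns 1 if the exclusive open refuses it and leaves the target
   intact, mkstemp() yields a fresh name, and the weak open truncates the target. */
int symlink_check(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", precious[64], guess[64], tmpl[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(precious, sizeof precious, "%s/precious", dir);
    snprintf(guess, sizeof guess, "%s/app.12345", dir);  /* "name.pid" style */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);
    FILE *f = fopen(precious, "w"); if (!f) return -1;
    fputs("important data\n", f); fclose(f);             /* 15 bytes */
    if (symlink(precious, guess)) return -1;

    int fd = open_tmp_excl(guess);
    int refused = (fd == -1 && errno == EEXIST && size_of(precious) == 15);
    int fd2 = open_tmp_mkstemp(tmpl);
    int fresh = (fd2 >= 0 && strcmp(tmpl + strlen(dir), "/app.XXXXXX") != 0);
    int fd3 = open_tmp_weak(guess);                      /* follows the link */
    int clobbered = (fd3 >= 0 && size_of(precious) == 0);
    if (fd2 >= 0) close(fd2);
    if (fd3 >= 0) close(fd3);
    unlink(tmpl); unlink(guess); unlink(precious); rmdir(dir);
    return refused && fresh && clobbered;
}
```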
    
    