Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA 200412-11 Normal Severity: Cscope Symlink Attack Risk

gentoo
Calendar Grey December 17, 2004
Dist Gentoo Esm H88
Linux Security Notice GLSA 200512-22: Cscope exposes vulnerabilities via symlink exploits enabling file overwrites. Update is advised.
Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Summary

Linux Security Advisory GLSA 200412-11 https://security.gentoo.org/ Severity: Normal Title: Cscope: Insecure creation of temporary files Date: December 16, 2004 Bugs: #71595 ID: 200412-11

Synopsis ======= Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
Background ========= Cscope is a developer utility used to browse and manage source code.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-util/cscope < 15.5-r2 >= 15.5-r2
========== Cscope creates temporary files in world-writable directories with predictable names.
Impact ===== A local attacker could create symbolic links in the temporary files d...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack cscope normal severity developer utility

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack cscope normal severity developer utility

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here