CVE-2004-0996
Published 2005-01-10
CVE-2004-0996: main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Priority: P4 · 14 · low · 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.15% (62.7th percentile)
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cscope | cscope | — | — |
| cscope | cscope | — | — |
| cscope | cscope | — | — |
| cscope | cscope | — | — |
| cscope | cscope | — | — |
| cscope | cscope | >= 0 < 15.5-1.1 | 15.5-1.1 |
| cscope | cscope | >= 0 < 15.5-1.1 | 15.5-1.1 |
| cscope | cscope | >= 0 < 15.5-1.1 | 15.5-1.1 |
| cscope | cscope | >= 0 < 15.5-1.1 | 15.5-1.1 |
| debian | cscope | < cscope 15.5-1.1 (bookworm) | cscope 15.5-1.1 (bookworm) |
| debian | debian_linux | — | — |
| sco | unixware | — | — |
| sco | unixware | — | — |
| sco | unixware | — | — |
CVSS provenance
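| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |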
Debian
CVE-2004-0996: cscope - main.c in cscope 15-4 and 15-5 creates temporary files with predictable filename...
vendor_debian·2004·CVSS 2.1
CVE-2004-0996 [LOW] CVE-2004-0996: cscope - main.c in cscope 15-4 and 15-5 creates temporary files with predictable filename...
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Scope: local
bookworm: resolved (fixed in 15.5-1.1)
bullseye: resolved (fixed in 15.5-1.1)
forky: resolved (fixed in 15.5-1.1)
sid: resolved (fixed in 15.5-1.1)
trixie: resolved (fixed in 15.5-1.1)
Red Hat
CVE-2004-0996: main
vendor_redhat·CVSS 2.1
CVE-2004-0996 [LOW] CVE-2004-0996: main
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Statement: Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release.
GHSA
GHSA-g9x5-fv34-9wx2: main
ghsa_unreviewed·2022-04-29
CVE-2004-0996 [LOW] GHSA-g9x5-fv34-9wx2: main
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
OSV
CVE-2004-0996: main
osv·2005-01-10·CVSS 2.1
CVE-2004-0996 [LOW] CVE-2004-0996: main
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
No detection rules found.
Exploit-DB
Cscope 13.0/15.x - Insecure Temporary File Creation (2)
exploitdb·2004-11-17
CVE-2004-0996 Cscope 13.0/15.x - Insecure Temporary File Creation (2)
---
// source: https://www.securityfocus.com/bid/11697/info
Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it.
During execution, the utility reportedly creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that Cscope will write to when an unsuspecting user executes it.
Attackers may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including Cscope 15.5 are reported vulnerable.
/* RXcscope exploit version 15.5 and minor */
#inclu
Exploit-DB
Cscope 13.0/15.x - Insecure Temporary File Creation (1)
exploitdb·2004-11-17
CVE-2004-0996 Cscope 13.0/15.x - Insecure Temporary File Creation (1)
---
source: https://www.securityfocus.com/bid/11697/info
Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it.
During execution, the utility reportedly creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that Cscope will write to when an unsuspecting user executes it.
Attackers may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including Cscope 15.5 are reported vulnerable.
#!/bin/sh
############################################
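The Exploit-DB text above attributes the flaw to writing to a predictably named file in '/tmp' without verifying whether it already exists. The hardened creation patterns below are an added example, not cscope's code or its patch; the function names, the scratch directory and the `app.1234` file name are assumptions made for illustration.

```c
/* Added example; names and paths are illustrative, not from cscope's main.c. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened form 1: keep a caller-chosen name but refuse anything already
 * there. O_CREAT|O_EXCL is atomic and fails even when the name is a dangling
 * symlink; O_NOFOLLOW is a second guard on the final path component. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened form 2: mkstemp() picks an unpredictable name and creates the
 * file exclusively with mode 0600. tmpl must end in "XXXXXX". */
int open_unpredictable(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario in a private scratch directory: a symlink already
 * occupies the predictable name. Returns 0 when the exclusive open refused
 * it and the link target was never created, 1 otherwise, -1 on setup error. */
int check_symlink_refused(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char target[64], lnk[64];
    struct stat st;
    int fd, refused, untouched;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/app.1234", dir);  /* pid-style name */
    if (symlink(target, lnk) != 0) {
        rmdir(dir);
        return -1;
    }
    errno = 0;
    fd = open_exclusive(lnk);
    refused = (fd == -1 && (errno == EEXIST || errno == ELOOP));
    untouched = (stat(target, &st) == -1);
    if (fd != -1)
        close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return (refused && untouched) ? 0 : 1;
}
```

A plain `fopen(path, "w")` on the same name would follow the link and truncate whatever it points to, which is the overwrite the advisory describes.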
No writeups or analysis indexed.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://marc.info/?l=bugtraq&m=110133485519690&w=2
http://secunia.com/advisories/26235
http://www.debian.org/security/2004/dsa-610
http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
http://www.securityfocus.com/archive/1/381443
http://www.securityfocus.com/archive/1/381506
http://www.securityfocus.com/archive/1/381611
http://www.securityfocus.com/bid/11697
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/18125
Published: 2005-01-10