Vulnerability Name:

CVE-2004-0996 (CCN-18125)

Assigned:2004-11-17
Published:2004-11-17
Updated:2017-07-11
Summary:main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: SCO Security Advisory SCOSA-2005.11
OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary fi

Source: CCN
Type: BugTraq Mailing List, Wed Nov 17 2004 - 15:27:18 CST
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

Source: MITRE
Type: CNA
CVE-2004-0996

Source: CCN
Type: Apple Security Update 2007-007
About Security Update 2007-007

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306172

Source: CCN
Type: Apple Web site
Apple security updates

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-07-31

Source: BUGTRAQ
Type: UNKNOWN
20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability

Source: CCN
Type: SA13237
Cscope Insecure Temporary File Creation and Buffer Overflow Vulnerabilities

Source: CCN
Type: SA26235
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26235

Source: CCN
Type: SourceForge.net
Cscope

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-610

Source: DEBIAN
Type: DSA-610
cscope -- insecure temporary file

Source: CCN
Type: GLSA-200412-11
Cscope: Insecure creation of temporary files

Source: GENTOO
Type: UNKNOWN
GLSA-200412-11

Source: CCN
Type: OSVDB ID: 11919
Cscope Tempfile Symlink Arbitrary File Deletion

Source: BUGTRAQ
Type: UNKNOWN
20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

Source: BUGTRAQ
Type: UNKNOWN
20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

Source: BUGTRAQ
Type: UNKNOWN
20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

Source: BID
Type: Exploit, Patch, Vendor Advisory
11697

Source: CCN
Type: BID-11697
Cscope Insecure Temporary File Creation Vulnerabilities

Source: BID
Type: UNKNOWN
25159

Source: CCN
Type: BID-25159
Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-2732

Source: XF
Type: UNKNOWN
cscope-tmp-race-condition(18125)

Source: XF
Type: UNKNOWN
cscope-tmp-race-condition(18125)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cscope:cscope:13.0:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.1:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.3:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.4:*:*:*:*:*:*:*
  • OR cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unixware:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unixware:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unixware:7.1.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cscope:cscope:15.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:610
    V
    		insecure temporary file
    2004-12-17
    BACK
    cscope cscope 13.0
    cscope cscope 15.1
    cscope cscope 15.3
    cscope cscope 15.4
    cscope cscope 15.5
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    gentoo linux *
    sco unixware 7.1.1
    sco unixware 7.1.3
    sco unixware 7.1.4
    cscope cscope 15.5
    debian debian linux 3.0
    gentoo linux *
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    debian debian linux 3.1
    apple mac os x 10.4.10
    apple mac os x server 10.4.10