main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Software | From | Fixed in |
---|---|---|
sco / unixware | 7.1.1 | 7.1.1.x |
sco / unixware | 7.1.3 | 7.1.3.x |
sco / unixware | 7.1.4 | 7.1.4.x |
debian / debian_linux | 3.0 | 3.0.x |
gentoo / linux | - | - |
cscope / cscope | 13.0 | 13.0.x |
cscope / cscope | 15.1 | 15.1.x |
cscope / cscope | 15.3 | 15.3.x |
cscope / cscope | 15.4 | 15.4.x |
cscope / cscope | 15.5 | 15.5.x |