FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cscope -- symlink attack vulnerability

Affected packages
cscope < 15.5_1

Details

VuXML ID a7bfd423-484f-11d9-a9e7-0001020eed82
Discovery 2003-04-03
Entry 2004-12-07

cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope.

References

Bugtraq ID 11697
CVE Name CVE-2004-0996
Message 20041118012718.78b07d79.research@rexotec.com
Message 20041124025903.9337.qmail@www.securityfocus.com
URL http://sourceforge.net/tracker/index.php?func=detail&aid=1062807&group_id=4664&atid=104664