main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cscope | Cscope | 13.0 (including) | 13.0 (including) |
Cscope | Cscope | 15.1 (including) | 15.1 (including) |
Cscope | Cscope | 15.3 (including) | 15.3 (including) |
Cscope | Cscope | 15.4 (including) | 15.4 (including) |
Cscope | Cscope | 15.5 (including) | 15.5 (including) |
Cscope | Ubuntu | dapper | * |
Cscope | Ubuntu | devel | * |
Cscope | Ubuntu | edgy | * |
Cscope | Ubuntu | feisty | * |