
Cscope: Insecure creation of temporary files

Description

### Background

Cscope is a developer utility used to browse and manage source code.

### Description

Cscope creates temporary files in world-writable directories with predictable names.

### Impact

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When Cscope is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

### Workaround

There is no known workaround at this time.

### Resolution

All Cscope users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r2"
```
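The failure mode under Description and Impact, shown as an added C example (not Cscope's code and not part of the advisory): a scratch file opened under a guessable name follows a symlink already present at that name, while `O_CREAT | O_EXCL` and `mkstemp()` leave the linked file untouched. The names `tool.1234.tmp`, `victim`, `open_scratch` and `victim_size_after` are constructed for illustration, and everything runs inside a private directory created with `mkdtemp()`.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PREDICTABLE, EXCLUSIVE, MKSTEMP };

/* Open a scratch file in dir with one of three strategies. */
static int open_scratch(const char *dir, int how) {
    char path[512];
    /* Constructed fixed name, standing in for any guessable temp name. */
    snprintf(path, sizeof path, "%s/tool.1234.tmp", dir);
    if (how == PREDICTABLE)  /* follows whatever already sits at the name */
        return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (how == EXCLUSIVE)    /* EEXIST if anything, even a symlink, exists */
        return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    snprintf(path, sizeof path, "%s/tool.XXXXXX", dir);
    int fd = mkstemp(path);  /* unpredictable name, created exclusively */
    if (fd >= 0) unlink(path);  /* scratch data needs no visible name */
    return fd;
}

/* Size of the protected file after the scratch write: 9 means intact,
   1 means it was truncated and overwritten through the symlink. */
long victim_size_after(int how) {
    char dir[] = "/tmp/symdemo.XXXXXX", victim[512], planted[512];
    struct stat st;
    if (!mkdtemp(dir)) return -1;  /* private 0700 sandbox */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/tool.1234.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f); fclose(f);
    if (symlink(victim, planted) != 0) return -1;  /* pre-existing link */
    int fd = open_scratch(dir, how);
    if (fd >= 0) { ssize_t n = write(fd, "x", 1); (void)n; close(fd); }
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(planted); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable=%ld exclusive=%ld mkstemp=%ld\n",
           victim_size_after(PREDICTABLE), victim_size_after(EXCLUSIVE),
           victim_size_after(MKSTEMP));
    return 0;
}
```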


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Gentoo | any | dev-util/cscope | 15.5-r2 |
