Vulnerability Details : CVE-2004-0996
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Exploit prediction scoring system (EPSS) score for CVE-2004-0996
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0996
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
Vendor statements for CVE-2004-0996
-
Red Hat 2009-04-09Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release.
-
http://marc.info/?l=bugtraq&m=110133485519690&w=2
-
http://www.securityfocus.com/archive/1/381443
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18125
-
http://www.debian.org/security/2004/dsa-610
Patch;Vendor Advisory
- http://docs.info.apple.com/article.html?artnum=306172
- http://www.securityfocus.com/bid/25159
-
http://www.securityfocus.com/archive/1/381506
-
http://www.securityfocus.com/archive/1/381611
-
http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
-
http://www.vupen.com/english/advisories/2007/2732
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
-
http://www.securityfocus.com/bid/11697
Exploit;Patch;Vendor Advisory
- cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.3:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.4:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.5:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.1:*:*:*:*:*:*:*