Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200412-11 (cscope)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54770

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200412-11 (cscope)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200412-11.

Cscope is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.

Solution:
All Cscope users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/cscope-15.5-r2'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200412-11
http://bugs.gentoo.org/show_bug.cgi?id=71595
http://www.securityfocus.com/archive/1/381443

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: BugTraq ID: 11697
Common Vulnerability Exposure (CVE) ID: CVE-2004-0996
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.securityfocus.com/bid/11697
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search)
http://www.securityfocus.com/archive/1/381443
Bugtraq: 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search)
http://www.securityfocus.com/archive/1/381506
http://www.securityfocus.com/archive/1/381611
Bugtraq: 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110133485519690&w=2
Debian Security Information: DSA-610 (Google Search)
http://www.debian.org/security/2004/dsa-610
http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
http://secunia.com/advisories/26235
http://www.vupen.com/english/advisories/2007/2732
XForce ISS Database: cscope-tmp-race-condition(18125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18125

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54770
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200412-11 (cscope)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200412-11. Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. Solution: All Cscope users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/cscope-15.5-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200412-11 http://bugs.gentoo.org/show_bug.cgi?id=71595 http://www.securityfocus.com/archive/1/381443 CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	BugTraq ID: 11697 Common Vulnerability Exposure (CVE) ID: CVE-2004-0996 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.securityfocus.com/bid/11697 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Bugtraq: 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search) http://www.securityfocus.com/archive/1/381443 Bugtraq: 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search) http://www.securityfocus.com/archive/1/381506 http://www.securityfocus.com/archive/1/381611 Bugtraq: 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110133485519690&w=2 Debian Security Information: DSA-610 (Google Search) http://www.debian.org/security/2004/dsa-610 http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml http://secunia.com/advisories/26235 http://www.vupen.com/english/advisories/2007/2732 XForce ISS Database: cscope-tmp-race-condition(18125) https://exchange.xforce.ibmcloud.com/vulnerabilities/18125
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com