CVE-2004-0996

cscope <15-5 - Local Privilege Escalation

Title source: llm

Description

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Gangstuck · clocallinux

https://www.exploit-db.com/exploits/24750

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Gangstuck · bashlocallinux

https://www.exploit-db.com/exploits/24749

View Code ZIP pw:eip

References (13)

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=306172

[Mailing List] http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

[Mailing List] http://marc.info/?l=bugtraq&m=110133485519690&w=2

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-610

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/11697

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18125

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/381443

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/381506

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/381611

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25159

[Third Party Advisory] http://secunia.com/advisories/26235

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2732

Scores

EPSS 0.0056

EPSS Percentile 68.4%

Details

Status published

Products (10)

cscope/cscope 13.0

cscope/cscope 15.1

cscope/cscope 15.3

cscope/cscope 15.4

cscope/cscope 15.5

debian/debian_linux 3.0 (12 CPE variants)

gentoo/linux

sco/unixware 7.1.1

sco/unixware 7.1.3

sco/unixware 7.1.4

Published Jan 10, 2005

Tracked Since Feb 18, 2026