Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200412-11 (cscope)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54770

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200412-11 (cscope)

Resumen: The remote host is missing updates announced in;advisory GLSA 200412-11.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200412-11.

Vulnerability Insight:
Cscope is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.

Solution:
All Cscope users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/cscope-15.5-r2'

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0996
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 11697
http://www.securityfocus.com/bid/11697
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search)
http://www.securityfocus.com/archive/1/381443
Bugtraq: 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search)
http://www.securityfocus.com/archive/1/381506
http://www.securityfocus.com/archive/1/381611
Bugtraq: 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110133485519690&w=2
Debian Security Information: DSA-610 (Google Search)
http://www.debian.org/security/2004/dsa-610
http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
http://secunia.com/advisories/26235
http://www.vupen.com/english/advisories/2007/2732
XForce ISS Database: cscope-tmp-race-condition(18125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18125

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54770
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200412-11 (cscope)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200412-11.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200412-11. Vulnerability Insight: Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. Solution: All Cscope users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/cscope-15.5-r2' CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0996 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BugTraq ID: 11697 http://www.securityfocus.com/bid/11697 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Bugtraq: 20041117 RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search) http://www.securityfocus.com/archive/1/381443 Bugtraq: 20041118 Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. (Google Search) http://www.securityfocus.com/archive/1/381506 http://www.securityfocus.com/archive/1/381611 Bugtraq: 20041124 STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110133485519690&w=2 Debian Security Information: DSA-610 (Google Search) http://www.debian.org/security/2004/dsa-610 http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml http://secunia.com/advisories/26235 http://www.vupen.com/english/advisories/2007/2732 XForce ISS Database: cscope-tmp-race-condition(18125) https://exchange.xforce.ibmcloud.com/vulnerabilities/18125
Copyright	Copyright (C) 2008 E-Soft Inc.