Vulnerability Note VU#401808

exuberant-ctags creates temporary files insecurely

Original Release date: 17 Sep 2001 | Last revised: 17 Sep 2001


Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service.


Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable names in /tmp. Prior to creation, the utility does not check for existence of the temporary files. These files are created world-readable.


By creating symbolic links named as the temporary files, an attacker can cause exuberant-ctags to overwrite files writable by the user of exuberant-ctags. By creating similarly named files and protecting them against the user of exuberant-ctags, an attacker can deny use of this utility to a user.


Apply vendor patches; see the Systems Affected section below.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected-31 Jul 2001
CalderaUnknown08 Aug 200117 Sep 2001
RedHatUnknown08 Aug 200117 Sep 2001
SequentUnknown08 Aug 200117 Sep 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was first reported by Colin Phipps.

This document was last modified by Tim Shimeall.

Other Information

  • CVE IDs: CAN-2001-0430
  • Date Public: 15 Apr 2001
  • Date First Published: 17 Sep 2001
  • Date Last Updated: 17 Sep 2001
  • Severity Metric: 3.37
  • Document Revision: 4


If you have feedback, comments, or additional information about this vulnerability, please send us email.