Vulnerability Note VU#401808
exuberant-ctags creates temporary files insecurely
Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service.
Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable names in /tmp. Prior to creation, the utility does not check for existence of the temporary files. These files are created world-readable.
By creating symbolic links named as the temporary files, an attacker can cause exuberant-ctags to overwrite files writable by the user of exuberant-ctags. By creating similarly named files and protecting them against the user of exuberant-ctags, an attacker can deny use of this utility to a user.
Apply vendor patches; see the Systems Affected section below.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian||Affected||-||31 Jul 2001|
|Caldera||Unknown||08 Aug 2001||17 Sep 2001|
|RedHat||Unknown||08 Aug 2001||17 Sep 2001|
|Sequent||Unknown||08 Aug 2001||17 Sep 2001|
CVSS Metrics (Learn More)
This vulnerability was first reported by Colin Phipps.
This document was last modified by Tim Shimeall.
- CVE IDs: CAN-2001-0430
- Date Public: 15 Apr 2001
- Date First Published: 17 Sep 2001
- Date Last Updated: 17 Sep 2001
- Severity Metric: 3.37
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.