Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service.
Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable names in /tmp. Prior to creation, the utility does not check for existence of the temporary files. These files are created world-readable.
By creating symbolic links named as the temporary files, an attacker can cause exuberant-ctags to overwrite files writable by the user of exuberant-ctags. By creating similarly named files and protecting them against the user of exuberant-ctags, an attacker can deny use of this utility to a user.
Apply vendor patches; see the Systems Affected section below.
This vulnerability was first reported by Colin Phipps
This document was last modified by Tim Shimeall.
|Date First Published:||2001-09-17|
|Date Last Updated:||2001-09-17 19:25 UTC|