{"vuid":"VU#401808","idnumber":"401808","name":"exuberant-ctags creates temporary files insecurely","keywords":["exuberant-ctags","race","temporary","tmp","temp","symlink","symbolic link"],"overview":"Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service.","clean_desc":"Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable names in /tmp. Prior to creation, the utility does not check for existence of the temporary files. These files are created world-readable.","impact":"By creating symbolic links named as the temporary files, an attacker can cause exuberant-ctags to overwrite files writable by the user of exuberant-ctags. By creating similarly named files and protecting them against the user of exuberant-ctags, an attacker can deny use of this utility to a user.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"This vulnerability was first reported by Colin Phipps","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2614","http://www.linuxsecurity.com/advisories/debian_advisory-1286.html"],"cveids":["CVE-2001-0430"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-27T16:05:43Z","publicdate":"2001-04-15T00:00:00Z","datefirstpublished":"2001-09-17T19:25:27Z","dateupdated":"2001-09-17T19:25:29Z","revision":4,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.375","cam_scorecurrentwidelyknown":"4.5","cam_scorecurrentwidelyknownexploited":"9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.375,"vulnote":null}