MDKSA-2001:064

Package name

tripwire

Date

2001-07-18

Advisory ID

MDKSA-2001:064

Affected versions

8.0 i586

Problem description

Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the O_EXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the temporary files. This new version has all but one unsafe temporary file open fixed. It can still be used safely when using the new TEMPDIRECTORY configuration option, which is now set to /root/tmp.

Updated packages

8.0 i586

 0044f1e76408952671b9cff40e8cc054  8.0/RPMS/tripwire-2.3.1.2-2.2mdk.i586.rpm
cae6fad50b3e382dbcf73306a9b0ec91  8.0/SRPMS/tripwire-2.3.1.2-2.2mdk.src.rpm