Nom du paquet
tripwire
Date
2004-07-06
Advisory ID
MDKSA-2004:057-1
Affected versions
9.2 i586

Problem description

Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire (typically root). This vulnerability only exists when tripwire is generating an email report. Update: The packages previously released for Mandrakelinux 9.2 would segfault when doing a check due to compilation problems. The updated packages correct the problem.

Updated packages

9.2 i586

 41dc4b726c3538ce29ff43cc21dce2d7  9.2/RPMS/tripwire-2.3.1.2-7.2.92mdk.i586.rpm
5e57f7157f206ff20a8a1d425734c84e  9.2/SRPMS/tripwire-2.3.1.2-7.2.92mdk.src.rpm

References