Nom du paquet
tripwire
Date
2004-06-07
Advisory ID
MDKSA-2004:057
Affected versions
9.2 i586 , CS2.1 i586 , 10.0 i586

Problem description

Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire (typically root). This vulnerability only exists when tripwire is generating an email report.

Updated packages

9.2 i586

 b8fa611b9f5c5b65bc8bfc30e880e6e5  9.2/RPMS/tripwire-2.3.1.2-7.1.92mdk.i586.rpm
ae1cd49c93ad98e770ddd82fb9a55356  9.2/SRPMS/tripwire-2.3.1.2-7.1.92mdk.src.rpm

CS2.1 i586

 69367ac3b8afe929b0542f1921606ea1  corporate/2.1/RPMS/tripwire-2.3.1.2-7.1.C21mdk.i586.rpm
85b56f3e3587ed3ff69ffd98708e9d39  corporate/2.1/SRPMS/tripwire-2.3.1.2-7.1.C21mdk.src.rpm

10.0 i586

 f7218d2fbde501fff2d418e7817679e6  10.0/RPMS/tripwire-2.3.1.2-7.1.100mdk.i586.rpm
4476fcbb452e7af2a7171e303f75f0f4  10.0/SRPMS/tripwire-2.3.1.2-7.1.100mdk.src.rpm

References