Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200406-02] tripwire: Format string vulnerability

Vulnerability Assessment Details

[GLSA-200406-02] tripwire: Format string vulnerability
Vulnerability Assessment Summary
tripwire: Format string vulnerability

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200406-02
(tripwire: Format string vulnerability)


The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp.

Impact

With a carefully crafted filename on a local filesystem a possible hacker could
cause execution of arbitrary code with permissions of the user running
tripwire, which could be the root user.

Workaround

There is no known workaround at this time.

References:
http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0


Solution:
All tripwire users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=app-admin/tripwire-2.3.1.2-r1"
# emerge ">=app-admin/tripwire-2.3.1.2-r1"


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game picture

A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game

$31.95


Vintage Atari 1025 Dot Matrix Printer - Untested - For Parts/Repair Only picture

Vintage Atari 1025 Dot Matrix Printer - Untested - For Parts/Repair Only

$59.95


Atari Power Cube 800XL, 600XL, 65XE, 130XE USB-C Power Supply PSU picture

Atari Power Cube 800XL, 600XL, 65XE, 130XE USB-C Power Supply PSU

$11.25


Vintage Atari XC12 Program Cassette Tape Player picture

Vintage Atari XC12 Program Cassette Tape Player

$69.90


Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device picture

Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device

$15.25


STAR RAIDERS CXL4011 AND QIX CLX4027 ATARI GAMES 400/800/1200 (SEE DESCRIPTION) picture

STAR RAIDERS CXL4011 AND QIX CLX4027 ATARI GAMES 400/800/1200 (SEE DESCRIPTION)

$24.99


A8PicoCart Kit Atari XE XL unocart clone multicart cartridge game picture

A8PicoCart Kit Atari XE XL unocart clone multicart cartridge game

$18.95


Vintage Atari Megafile 44 External 44MB Drive ST STE Mega picture

Vintage Atari Megafile 44 External 44MB Drive ST STE Mega

$315.00


Atari 1050 US Doubler upgrade kit picture

Atari 1050 US Doubler upgrade kit

$35.00


Atari 400 800 SALT Diagnostics Orange cart Cartridge Diags TE15644 Ver 2.05 picture

Atari 400 800 SALT Diagnostics Orange cart Cartridge Diags TE15644 Ver 2.05

$25.99


Discussions

No Discussions have been posted on this vulnerability.