112505 : RHSA-2004-244: Tripwire

Risk 4 : Red Hat Local Checks

Updated Tripwire packages that fix a format string security vulnerability are now available.

Tripwire is a system integrity assessment tool.

Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local user could gain privileges by creating a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.

Users of Tripwire are advised to upgrade to this erratum package which contains a backported security patch to correct this issue. The erratum package also contains some minor bug fixes.

Solution:
Get the newest RedHat Updates.
References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Tenable : 2009-12-04
New Search
Keywords
Risk Factor
Start Date
End Date
Browse