Updated Tripwire packages that fix a format string security vulnerability are now available.
Tripwire is a system integrity assessment tool.
Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local user could gain privileges by creating a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.
Users of Tripwire are advised to upgrade to this erratum package, which contains a backported security patch to correct this issue. The erratum package also contains some minor bug fixes.
Get the newest Red Hat updates.
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact