Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2001:064: tripwire Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the tripwire package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2001:064 (tripwire).

Jarno Juuskonen reported that a temporary file vulnerability exists in versions
of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in
/tmp without the O_EXCL flag during filesystem scanning and database updating, a
malicious user could execute a symlink attack against the temporary files. This
new version has all but one unsafe temporary file open fixed. It can still be
used safely when using the new TEMPDIRECTORY configuration option, which is now
set to /root/tmp.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.