Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-244: tripwire Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the tripwire packages
Detailed Explanation for this Vulnerability Test
Updated Tripwire packages that fix a format string security vulnerability
are now available.
Tripwire is a system integrity assessment tool.
Paul Herman discovered a format string vulnerability in Tripwire version
2.3.1 and earlier. If Tripwire is configured to send reports via email, a
local user could gain rights by creating a carefully crafted file. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2004-0536 to this issue.
Users of Tripwire are advised to upgrade to this erratum package which
contains a backported security patch to correct this issue. The erratum
package also contains some minor bug fixes.
Solution : http://rhn.redhat.com/errata/RHSA-2004-244.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.