|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200406-02] tripwire: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary tripwire: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200406-02
(tripwire: Format string vulnerability)
The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp.
Impact
With a carefully crafted filename on a local filesystem a possible hacker could
cause execution of arbitrary code with permissions of the user running
tripwire, which could be the root user.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0
Solution:
All tripwire users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=app-admin/tripwire-2.3.1.2-r1"
# emerge ">=app-admin/tripwire-2.3.1.2-r1"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|