aru Posted July 7, 2004 Report Share Posted July 7, 2004 Mandrakesoft Security Advisories MDKSA-2004:057-1 : tripwire Updated tripwire packages fix format string vulnerability July 6th, 2004 Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire (typically root).This vulnerability only exists when tripwire is generating an email report. Update: The packages previously released for Mandrakelinux 9.2 would segfault when doing a check due to compilation problems.The updated packages correct the problem. The released versions of Mandrake GNU/Linux affected are: 9.2Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:057-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0536 http://www.securityfocus.com/archive/1/365036 Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts