2 matches found
Mandrake Linux Security Advisory : tripwire (MDKSA-2004:057-1)
Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire typically root. This vulnerability only exists when tripwire is generating an email report. Update : The packages previously releas...
RHEL 2.1 : tripwire (RHSA-2004:244)
Updated Tripwire packages that fix a format string security vulnerability are now available. Tripwire is a system integrity assessment tool. Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local use...