8 matches found
CVE-2004-0536
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report...
Mandrake Linux Security Advisory : tripwire (MDKSA-2001:064)
Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the OEXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the...
CVE-2004-0536
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report...
CVE-2004-0536
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report...
tripwire: Format string vulnerability
Background tripwire is an open source file integrity checker. Description The code that generates email reports contains a format string vulnerability in pipedmailmessage.cpp. Impact With a carefully crafted filename on a local filesystem an attacker could cause execution of arbitrary code with...
[Full-Disclosure] Format String Vulnerability in Tripwire
SUMMARY ------- Tripwiretm is a Security, Intrusion Detection, Damage Assessment and Recovery, Forensics software. A vulnerability in the product allows a user on the local machine under certain circumstances to execute arbitrary code with the rights of the user running the program typically root...
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publically-writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
Tripwire temporary files
------------------------------------------------------------ Insecure temporary files in Tripwire [email protected] $Date: 2001/07/09 05:02:02 $ ------------------------------------------------------------ Author: Jarno Huuskonen [email protected] Discovered: Tue 16 Jan 2001 Vendor...