Tripwire fprintf format string
| tripwire-fprintf-format-string (16309) |  High Risk |
Description:
Tripwire is vulnerable to a format string attack. If the MAILMETHOD is sendmail, a local attacker could create a file containing a specially-crafted filename, allowing the attacker to possibly execute arbitrary code on the system, once the victim generates an email report.
Consequences:
Gain Privileges
Remedy:
The vendor recommends applying Paul Herman's patch, available from Full Disclosure Mailing list Wed Jun 02 2004 - 18:41:16 CDT. See References.
For Mandrake Linux:
Upgrade to the latest tripwire package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:057 : tripwire for more information.See References.
Mandrake Linux 10.0: 2.3.1.2-7.1.100mdk or later
Upgrade to the latest tripwire package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:057-1 : tripwire for more information.See References.
Mandrake Linux 9.2: .3.1.2-7.2.92mdk or later
For Gentoo Linux:
Upgrade to the latest version of tripwire (2.3.1.2-r1 or later), as listed in GLSA 200406-02. See References.
For Red Hat Linux:
Upgrade to the latest tripwire package, as listed below. Refer to RHSA-2004:244-03 for more information. See References.
Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1): 2.3.1-18 or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Fri Jun 04 2004 - 17:39:13 CDT: Re: Format String Vulnerability in Tripwire.
- BugTraq Mailing List, Thu Jun 03 2004 - 16:52:36 CDT: Re: Format String Vulnerability in Tripwire.
- BugTraq Mailing List, Thu Jun 03 2004 - 16:52:36 CDT: Re: Format String Vulnerability in Tripwire.
- CIAC Information Bulletin O-162: Red Hat Updated Tripwire Packages Fix Security Flaw.
- Full-Disclosure Mailing List, Wed Jun 02 2004 - 18:41:16 CDT: Format String Vulnerability in Tripwire.
- Tripwire Web site: Tripwire Product Updates.
- BID-10454: Tripwire Email Reporting Format String Vulnerability
- CVE-2004-0536: Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
- GLSA-200406-02: tripwire: Format string vulnerability
- MDKSA-2004:057: Updated tripwire packages fix format string vulnerability
- MDKSA-2004:057-1: Updated tripwire packages fix format string vulnerability
- RHSA-2004-244: tripwire security update
Platforms Affected:
- Gentoo Linux
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- RedHat Enterprise Linux 2.1 AS
- RedHat Enterprise Linux 2.1 ES
- RedHat Enterprise Linux 2.1 WS
- Tripwire - Commercial Tripwire - Commercial 4.0.1 and prior
- Tripwire - open-source Tripwire - open-source 2.3.1 and prior
Reported:
Jun 02, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net