Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0536

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0536
Last Modified 10 Sep 2008 03:26:46
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0536

Summary

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.

Vulnerable Systems

Application

  • Tripwire 2.2.1

  • Tripwire 2.3.0

  • Tripwire 2.3.1

  • Tripwire 2.3.1.2

  • Tripwire 2.4.0

  • Tripwire 2.4.2

  • Tripwire 3.0

  • Tripwire 3.0.1

  • Tripwire 4.0

  • Tripwire 4.0.1

  • Tripwire 4.1


References

GENTOO - GLSA-200406-02

XF - tripwire-fprintf-format-string(16309)

BID - 10454

REDHAT - RHSA-2004:244

BUGTRAQ - 20040603 Re: Format String Vulnerability in Tripwire

BUGTRAQ - 20040602 Format String Vulnerability in Tripwire


Last Updated: 27 May 2016 10:38:38