GLSA-200406-02 : tripwire: Format string vulnerability
High Nessus Plugin ID 14513
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200406-02 (tripwire: Format string vulnerability).
The code that generates email reports contains a format string vulnerability in pipedmailmessage.cpp.
With a carefully crafted filename on a local filesystem, an attacker could cause execution of arbitrary code with the permissions of the user running tripwire, which could be the root user.
There is no known workaround at this time.
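The class of bug described above, shown as an added example that is not tripwire's code: a report writer that passes a file name as the format string, next to the hardened call that passes it as data. The helper names and the sample file name are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper that writes one report line.
 * Declaring it with __attribute__((format(printf, 3, 4))) would let
 * gcc -Wformat-security flag the unsafe call below at compile time. */
static int report_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the file name itself becomes the format string,
 * so any '%' in the name is interpreted instead of printed. */
int line_unsafe(char *out, size_t n, const char *filename)
{
    return report_line(out, n, filename);
}

/* Hardened pattern: constant format string, file name passed as data. */
int line_safe(char *out, size_t n, const char *filename)
{
    return report_line(out, n, "%s", filename);
}

/* Audit helper: does a name contain a character printf would interpret? */
int name_has_directive(const char *filename)
{
    return strchr(filename, '%') != NULL;
}

int main(void)
{
    /* Constructed sample name. "%%" consumes no argument, so the
     * unsafe call stays well defined for this demonstration. */
    const char *name = "backup_100%%_done.txt";
    char a[64], b[64];
    line_unsafe(a, sizeof a, name);
    line_safe(b, sizeof b, name);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe line differs from the name on disk because the name was parsed as a format; the safe line reproduces it byte for byte.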
Solution
All tripwire users should upgrade to the latest stable version:
# emerge sync
# emerge -pv '>=app-admin/tripwire-126.96.36.199-r1'
# emerge '>=app-admin/tripwire-188.8.131.52-r1'