Vulnerability Description
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tripwire | Tripwire | 2.2.1 |
References
- http://marc.info/?l=bugtraq&m=108627481507249&w=2
- http://marc.info/?l=bugtraq&m=108630983009228&w=2
- http://security.gentoo.org/glsa/glsa-200406-02.xmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-244.html
- http://www.securityfocus.com/bid/10454
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16309
- http://marc.info/?l=bugtraq&m=108627481507249&w=2
- http://marc.info/?l=bugtraq&m=108630983009228&w=2
- http://security.gentoo.org/glsa/glsa-200406-02.xmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-244.html
- http://www.securityfocus.com/bid/10454
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16309
FAQ
What is CVE-2004-0536?
CVE-2004-0536 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file nam...
How severe is CVE-2004-0536?
CVE-2004-0536 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0536?
Check the references section above for vendor advisories and patch information. Affected products include: Tripwire Tripwire.