Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tripwire | Tripwire | 2.4.0 | 2.4.0 |
Tripwire | Tripwire | 3.0.1 | 3.0.1 |
Tripwire | Tripwire | 2.3.1.2 | 2.3.1.2 |
Tripwire | Tripwire | 4.1 | 4.1 |
Tripwire | Tripwire | 2.3.1 | 2.3.1 |
Tripwire | Tripwire | 2.4.2 | 2.4.2 |
Tripwire | Tripwire | 3.0 | 3.0 |
Tripwire | Tripwire | 4.0.1 | 4.0.1 |
Tripwire | Tripwire | 4.0 | 4.0 |
Tripwire | Tripwire | 2.3.0 | 2.3.0 |
Tripwire | Tripwire | 2.2.1 | 2.2.1 |