CVE-2004-0536 Information

Description

Format string vulnerability in Tripwire commercial 4.0.1 and earlier including 2.4 and open source 2.3.1 and earlier allows local users to gain privileges via format string specifiers in a file name which is used in the generation of an email report.

Reference

http://marc.info/?l=bugtraq&m=108627481507249&w=2 http://marc.info/?l=bugtraq&m=108630983009228&w=2 http://security.gentoo.org/glsa/glsa-200406-02.xml http://www.redhat.com/support/errata/RHSA-2004-244.html http://www.securityfocus.com/bid/10454 https://exchange.xforce.ibmcloud.com/vulnerabilities/16309