Vulnerability Details CVE-2004-0536
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://marc.info/?l=bugtraq&m=108627481507249&w=2
- http://marc.info/?l=bugtraq&m=108630983009228&w=2
- http://security.gentoo.org/glsa/glsa-200406-02.xml
- http://www.redhat.com/support/errata/RHSA-2004-244.html
- http://www.securityfocus.com/bid/10454
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16309
- http://marc.info/?l=bugtraq&m=108627481507249&w=2
- http://marc.info/?l=bugtraq&m=108630983009228&w=2
- http://security.gentoo.org/glsa/glsa-200406-02.xml
- http://www.redhat.com/support/errata/RHSA-2004-244.html
- http://www.securityfocus.com/bid/10454
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16309
Products affected by CVE-2004-0536
-
cpe:2.3:a:tripwire:tripwire:2.2.1
-
cpe:2.3:a:tripwire:tripwire:2.3.0
-
cpe:2.3:a:tripwire:tripwire:2.3.1
-
cpe:2.3:a:tripwire:tripwire:2.3.1.2
-
cpe:2.3:a:tripwire:tripwire:2.4.0
-
cpe:2.3:a:tripwire:tripwire:2.4.2
-
cpe:2.3:a:tripwire:tripwire:3.0
-
cpe:2.3:a:tripwire:tripwire:3.0.1
-
cpe:2.3:a:tripwire:tripwire:4.0
-
cpe:2.3:a:tripwire:tripwire:4.0.1
-
cpe:2.3:a:tripwire:tripwire:4.1