Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tripwire Email报告功能格式串处理漏洞
Vulnerability Description
Tripwire(tm)数据和网络完整性的检查工具。 tripwire产生EMAIL报告时存在格式串问题,本地攻击者可以利用这个漏洞以进程权限(一般是root)在系统上执行任意指令。 当tripwire使用'tripwire -m c -M'产生EMAIL报告时,每一行报告会传递给pipedmailmessage.cpp文件中的fprintf()函数,如: fprintf(mpFile, s.c_str() ); 如果本地用户能够精心构建一个特殊文件名,然后文件在产生报告时被传递给fprintf()函数,
CVSS Information
N/A
Vulnerability Type
N/A