Intrusion Prevention

Tripwire.Format.String

Description

This indicates an attack attempt to exploit a format string vulnerability in Tripwire. The vulnerability is a result of the application's failure to implement a formatted string function. As a result, remote attacker can execute arbitrary code on a system running the affected software.

Affected Products

Tripwire Tripwire Open Source 2.3.1
Tripwire Tripwire Open Source 2.3 .0
Tripwire Tripwire 4.1
Tripwire Tripwire 4.0.1
Tripwire Tripwire 4.0
Tripwire Tripwire 3.0 1
Tripwire Tripwire 3.0
Tripwire Tripwire 2.4.2
Tripwire Tripwire 2.4 .0
Tripwire Tripwire 2.3.1 -2
Tripwire Tripwire 2.3.1
Tripwire Tripwire 2.3 .0
Tripwire Tripwire 2.2.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor:
http://www.tripwire.com/resources/updates/index.cfm

CVE References

CVE-2004-0536

Other References

SA11763