[Please upgrade when a new version of Tripwire is released -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Message-ID: <[EMAIL PROTECTED]>
From: Ron Forrester <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Format String Vulnerability in Tripwire
Date: 4 Jun 2004 22:39:13 -0000

In-Reply-To: <[EMAIL PROTECTED]>


Okay folks, one more time.

We've identified a couple more important bits of information regarding this 
vulnerability, mainly that it is present only in the code for processing email reports 
when the MAILMETHOD is sendmail. This provides some important points of clarification:

1) It is not present in our Windows binaries, since sendmail is not an option on this 
platform.

2) Another, and probably best yet, workaround on *nix is to change from using sendmail 
to SMTP as your email method. This requires setting a couple of additional 
configuration variables (SMTPHOST and possibly SMTPPORT).

#2 is true of both our commercial *nix binaries as well as the open source version.

I'll let everyone know if we uncover additional information regarding this issue.

Cheers,

Ron Forrester
Security Architect
Tripwire, Inc.

------------------------------

End of this Digest
******************

-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves

_______________________________________________
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[EMAIL PROTECTED]/
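
Added example (not part of the original message and not Tripwire's own code): a check of a plaintext Tripwire configuration for the mail method discussed in the message above, flagging MAILMETHOD set to sendmail and an SMTP setup that lacks SMTPHOST. The sample configurations, the host mail.example.org, the MAILPROGRAM value and the function names are constructed for illustration; the parser assumes NAME=value lines with # comments.

```python
"""Check a plaintext Tripwire config for the sendmail mail method."""
import re

ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.*)$")

# Constructed sample configs (not taken from a real system).
BEFORE = """\
# mail settings
MAILMETHOD    =SENDMAIL
MAILPROGRAM   =/usr/sbin/sendmail -oi -t
"""
AFTER = """\
# mail settings
MAILMETHOD    =SMTP
SMTPHOST      =mail.example.org
SMTPPORT      =25
"""

def parse_cfg(text):
    """Return {NAME: value} for NAME=value lines; skip blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m:
            cfg[m.group(1).upper()] = m.group(2).strip()
    return cfg

def audit_mail_settings(text):
    """Return a list of findings about the email report settings."""
    cfg = parse_cfg(text)
    method = cfg.get("MAILMETHOD")
    findings = []
    if method is None:
        findings.append("MAILMETHOD not set: confirm which method is in effect")
    elif method.upper() == "SENDMAIL":
        findings.append("MAILMETHOD is SENDMAIL: switch to SMTP")
    elif method.upper() == "SMTP":
        if not cfg.get("SMTPHOST"):
            findings.append("MAILMETHOD is SMTP but SMTPHOST is not set")
        port = cfg.get("SMTPPORT")
        if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
            findings.append("SMTPPORT %r is not a valid TCP port" % port)
    else:
        findings.append("MAILMETHOD has unexpected value %r" % method)
    return findings
```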
