[Please upgrade when a new version of Tripwire is released -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]> From: Ron Forrester <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Format String Vulnerability in Tripwire Date: 4 Jun 2004 22:39:13 -0000 In-Reply-To: <[EMAIL PROTECTED]> Okay folks, one more time. We've identified a couple more important bits of information regarding this vulnerability, mainly that it is present only in the code for processing email reports when the MAILMETHOD is sendmail. This provides some important points of clarification: 1) It is not present in our Windows binaries, since sendmail is not an option on this platform. 2) Another, and probably best yet workaround on *nix, is to change from using sendmail to SMTP as your email method. This requires setting a couple of additional configuration variables (SMTPHOST and possibly SMTPPORT). #2 is true of both our commercial *nix binaries as well as the open source version. I'll let everyone know if we uncover additional information regarding this issue. Cheers, Ron Forrester Security Architect Tripwire, Inc. ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
