Bugtraq mailing list archives
Re: Tripwire mess..
From: mlists () GIZMO KYRNET KG (CyberPsychotic)
Date: Fri, 8 Jan 1999 12:31:40 +0500
~ ~ I reported this to the author maybe a year and a half ago(?). I ~ was evidently not the first as the author already knew about the problem. ~ I would recommend against using security tools that are not properly ~ maintained. It's probably worth looking at the release date of a package ~ before using it and reconsidering if it hasn't been touched within the ~ last 6 months or year. There are probably other bugs lurking that the ~ author hasn't bothered to fix. ~ yes. After my post to bugtraq I had one private message from a person, who pointed me to tripwire-1.3 source code, which is realeased for Academic use by visualcomputing. I checked the source out, the bug which I mentioned (marked with(*)(among some others) is fixed there(from Changelog): ~ ~ 1.3 (release) Fri Jul 17 18:02:53 PDT 1998 ~ fixed database entry consistency bug. ~(*) fixed database filename construction routine. ~ made "loosedir" reporting the default. makes superfluous directory ~ changes go away. ~ made reports more succinct, and much more quiet when there's nothing ~ worth reporting. ~ updated manual. ~ added Visual Computing Corporation banner to startup. ~ eliminated RCS banners for any changed files (RCS no longer being ~ the source control system for our source archives). ~ pulled out user manual (.doc and .pdf files) out of Tripwire package. ~ will be distributed separately. ~ removed twdb_check.pl from Tripwire package. ~ updated README, README.FIRST, and COAST.info files. ~ aux directory is now util, to accommodate DOS FAT filename ~ restrictions. I think Tripwire just went commercial and they do not feel to update their old stuff anymore. I have mirrored the 1-3 version of tripwire at http://www.underground.org.kg/security/tripwire if anyone is interested (or you could get it from www.visualcomputing.com after filling in some webform). regards Fyodor
Current thread:
- Re: Tripwire mess.., (continued)
- Re: Tripwire mess.. Jon Torrez (Jan 05)
- Administrivia Aleph One (Jan 05)
- HTTP REQUEST_METHOD flaw mnemonix (Jan 06)
- Re: HTTP REQUEST_METHOD flaw Marc Slemko (Jan 06)
- Re: HTTP REQUEST_METHOD flaw Kragen Sitaker (Jan 07)
- Re: HTTP REQUEST_METHOD flaw pedward () WEBCOM COM (Jan 06)
- security and multicast Donald McLachlan (Jan 06)
- Re: Tripwire mess.. Ron DuFresne (Jan 06)
- Another way to crash HP printers bwoodard () CISCO COM (Jan 06)
- Re: Tripwire mess.. Austin Schutz (Jan 06)
- Re: Tripwire mess.. CyberPsychotic (Jan 07)
- ICMP v2.1 Lethan (Jan 07)
- Re: Tripwire mess.. Gene Spafford (Jan 07)
- Re: Tripwire mess.. Jon Speer (Jan 08)