Bugtraq mailing list archives

Re: Tripwire mess..

From: mlists () GIZMO KYRNET KG (CyberPsychotic)
Date: Fri, 8 Jan 1999 12:31:40 +0500


~
~         I reported this to the author maybe a year and a half ago(?). I
~ was evidently not the first as the author already knew about the problem.
~         I would recommend against using security tools that are not properly
~ maintained. It's probably worth looking at the release date of a package
~ before using it and reconsidering if it hasn't been touched within the
~ last 6 months or year. There are probably other bugs lurking that the
~ author hasn't bothered to fix.
~

 yes. After my post to bugtraq I had one private message from a person,
who pointed me to tripwire-1.3 source code, which is realeased for
Academic use by visualcomputing. I checked the source out, the bug which I
mentioned (marked with(*)(among some others) is fixed there(from
Changelog):

~
~ 1.3 (release)                          Fri Jul 17 18:02:53 PDT 1998
~     fixed database entry consistency bug.
~(*)  fixed database filename construction routine.
~     made "loosedir" reporting the default.  makes superfluous directory
~       changes go away.
~     made reports more succinct, and much more quiet when there's nothing
~       worth reporting.
~     updated manual.
~     added Visual Computing Corporation banner to startup.
~     eliminated RCS banners for any changed files (RCS no longer being
~       the source control system for our source archives).
~     pulled out user manual (.doc and .pdf files) out of Tripwire package.
~       will be distributed separately.
~     removed twdb_check.pl from Tripwire package.
~     updated README, README.FIRST, and COAST.info files.
~     aux directory is now util, to accommodate DOS FAT filename
~       restrictions.


I think Tripwire just went commercial and they do not feel to update their
old stuff anymore. I have mirrored the 1-3 version of tripwire at
http://www.underground.org.kg/security/tripwire if anyone is interested
(or you could get it from www.visualcomputing.com after filling in some
webform).


regards

        Fyodor

Current thread:

Re: Tripwire mess.., (continued)
- - Re: Tripwire mess.. Jon Torrez (Jan 05)
  - Administrivia Aleph One (Jan 05)
  - HTTP REQUEST_METHOD flaw mnemonix (Jan 06)
    - Re: HTTP REQUEST_METHOD flaw Marc Slemko (Jan 06)
    - Re: HTTP REQUEST_METHOD flaw Kragen Sitaker (Jan 07)
    - Re: HTTP REQUEST_METHOD flaw pedward () WEBCOM COM (Jan 06)
- security and multicast Donald McLachlan (Jan 06)
- Re: Tripwire mess.. Ron DuFresne (Jan 06)
- Another way to crash HP printers bwoodard () CISCO COM (Jan 06)
- Re: Tripwire mess.. Austin Schutz (Jan 06)
  - Re: Tripwire mess.. CyberPsychotic (Jan 07)
- ICMP v2.1 Lethan (Jan 07)
- Re: Tripwire mess.. Gene Spafford (Jan 07)
  - Re: Tripwire mess.. Jon Speer (Jan 08)