[8987] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Tripwire mess..

daemon@ATHENA.MIT.EDU (CyberPsychotic)
Fri Jan 8 12:50:15 1999

Date: 	Fri, 8 Jan 1999 12:31:40 +0500
Reply-To: fygrave@tigerteam.net
From: CyberPsychotic <mlists@GIZMO.KYRNET.KG>
X-To:         Austin Schutz <tex@SHRUBBERY.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19990106184150.07246@shrubbery.net>

~
~         I reported this to the author maybe a year and a half ago(?). I
~ was evidently not the first as the author already knew about the problem.
~         I would recommend against using security tools that are not properly
~ maintained. It's probably worth looking at the release date of a package
~ before using it and reconsidering if it hasn't been touched within the
~ last 6 months or year. There are probably other bugs lurking that the
~ author hasn't bothered to fix.
~

 yes. After my post to bugtraq I had one private message from a person,
who pointed me to tripwire-1.3 source code, which is realeased for
Academic use by visualcomputing. I checked the source out, the bug which I
mentioned (marked with(*)(among some others) is fixed there(from
Changelog):

~
~ 1.3 (release)                          Fri Jul 17 18:02:53 PDT 1998
~     fixed database entry consistency bug.
~(*)  fixed database filename construction routine.
~     made "loosedir" reporting the default.  makes superfluous directory
~       changes go away.
~     made reports more succinct, and much more quiet when there's nothing
~       worth reporting.
~     updated manual.
~     added Visual Computing Corporation banner to startup.
~     eliminated RCS banners for any changed files (RCS no longer being
~       the source control system for our source archives).
~     pulled out user manual (.doc and .pdf files) out of Tripwire package.
~       will be distributed separately.
~     removed twdb_check.pl from Tripwire package.
~     updated README, README.FIRST, and COAST.info files.
~     aux directory is now util, to accommodate DOS FAT filename
~       restrictions.


I think Tripwire just went commercial and they do not feel to update their
old stuff anymore. I have mirrored the 1-3 version of tripwire at
http://www.underground.org.kg/security/tripwire if anyone is interested
(or you could get it from www.visualcomputing.com after filling in some
webform).


regards

        Fyodor

home help back first fref pref prev next nref lref last post