The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OSSEC

vulnerability alert 28451

OSSEC: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in OSSEC.
Impacted products: OSSEC.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: user shell.
Creation date: 06/02/2019.
Identifiers: VIGILANCE-VUL-28451.

Description of the vulnerability

An attacker can exploit several vulnerabilities in OSSEC.

vulnerability note 26924

OSSEC: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in OSSEC.
Impacted products: OSSEC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: user shell.
Creation date: 07/08/2018.
Identifiers: VIGILANCE-VUL-26924.

Description of the vulnerability

An attacker can exploit several vulnerabilities in OSSEC.

vulnerability alert CVE-2015-3222

OSSEC: privilege escalation via syscheck

Synthesis of the vulnerability

An attacker can make syscheck of OSSEC run shell commands, in order to get administration privileges.
Impacted products: OSSEC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 11/06/2015.
Identifiers: CVE-2015-3222, VIGILANCE-VUL-17111.

Description of the vulnerability

The OSSEC product includes a program named syscheck used to check for changes in files.

Syscheck can report the textual changes made to the monitored files. However, the filename is used as-is to build the shell command that compares the two versions of the modified file. So an attacker can use filenames with embedded quotes to inject shell commands that will be run as "root".

An attacker can therefore make syscheck of OSSEC run shell commands, in order to get administration privileges.

vulnerability 15360

OSSEC: SSH access on agents

Synthesis of the vulnerability

An attacker can read passwords of the Agentless Monitoring of OSSEC, in order to log in via SSH on monitored servers.
Impacted products: OSSEC.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 16/09/2014.
Identifiers: VIGILANCE-VUL-15360.

Description of the vulnerability

The OSSEC product has an Agentless Monitoring mode to monitor hosts without an agent.

The SSH access to these servers is configured with:
  /var/ossec/agentless/register_host.sh add uti@server password
The password is stored in the /var/ossec/agentless/.passlist file.

However, this file can be read by all local users.

An attacker can therefore read passwords of the Agentless Monitoring of OSSEC, in order to log in via SSH on monitored servers.

vulnerability bulletin CVE-2014-5284

OSSEC host-deny.sh: file corruption via /tmp/hosts.deny.$$

Synthesis of the vulnerability

A local attacker can create a symbolic link named /tmp/hosts.deny.$$, in order to alter the file it points to, with the privileges of OSSEC host-deny.sh.
Impacted products: OSSEC.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 10/09/2014.
Identifiers: CVE-2014-5284, VIGILANCE-VUL-15333.

Description of the vulnerability

The OSSEC host-deny.sh script uses a temporary file named /tmp/hosts.deny.$$.

However, when the file is opened, the program does not check whether it is an existing symbolic link. The file pointed to by the link is thus opened with the privileges of the program.

Moreover, the file name is predictable and is located in a publicly writable directory, so the attacker can create the symbolic link before it is used.

A local attacker can therefore create a symbolic link named /tmp/hosts.deny.$$, in order to alter the file it points to, with the privileges of OSSEC host-deny.sh.
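
The temporary-file pattern described in this bulletin, next to a hardened form, as an added example (not OSSEC's code and not taken from the bulletin). The function names, the `ALL:<ip>` line format and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: removing one entry from a hosts.deny-style file
# through a temporary file. All names here are hypothetical.
# Arguments for both functions: <hosts_file> <ip> <tmp_dir>

# Weak pattern: the temporary name is built from the PID, so it is
# predictable, and the '>' redirection follows a symbolic link that
# already exists at that path in a shared directory.
remove_entry_predictable() {
    tmp="$3/hosts.deny.$$"
    grep -v -F -x -- "ALL:$2" "$1" > "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively (O_CREAT|O_EXCL), so a pre-existing file or symbolic
# link at the chosen path makes creation fail instead of being followed.
remove_entry_safe() {
    tmp=$(mktemp "$3/hosts.deny.XXXXXXXXXX") || return 1
    # grep exits 1 when no line is left to print; that is not an error.
    grep -v -F -x -- "ALL:$2" "$1" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"
        return 1
    }
    # Copy the content back so the target keeps its owner and mode.
    cat "$tmp" > "$1"
    rm -f "$tmp"
}
```

Where the script runs as root, creating the temporary file in a directory that only root can write to (rather than /tmp) removes the race entirely.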