OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures

From: roman.fiedler@ait.ac.at
To: bugtraq@securityfocus.com
Cc:
Subject: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures
Date:


It seems that OSSIM does not check the signature when running apt updates via network. This would allow MITM attackers to install arbitrary code when updating OSSIM. The issue seems to be already known for some time although there is no confirmation from the company AlienVault behind it. So it might be, that only the non-commercial version is affected.

See http://forums.alienvault.com/discussion/512/looking-for-confirmation-of-security-issue-mitm-might-execute-arbitrary-code-on-ossim-during-update





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.