Message-Id: <201402061446.s16EkHOG024626@sf01web2.securityfocus.com>
Date: Thu, 6 Feb 2014 14:46:17 GMT
From: jakx.ppr@...il.com
To: bugtraq@...urityfocus.com
Subject: AlienVault OSSIM SQL Injection vulnerability
INDEX
---------------------------------------
1. Background
2. Description
3. Affected Products
4. Vulnerability
5. Solution
6. Credit
7. Disclosure Timeline
1. BACKGROUND
---------------------------------------
OSSIM by AlienVault is an Open Source Security Information and Event Management (SIEM) platform, comprising a collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
(Wikipedia)
2. DESCRIPTION
---------------------------------------
A vulnerability has been discovered in OSSIM's OCS Inventory web interface due to insufficient input validation before untrusted, user-supplied data is inserted into a SQL query.
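The advisory describes the general class of bug (user input spliced into SQL text) rather than the affected query itself. The following is an added illustration, not code from the advisory or from OSSIM/OCS Inventory: it stands up a constructed in-memory inventory table, shows the unsafe string-concatenation pattern beside the parameterized form, and adds an allowlist check of the kind the description calls input validation. Table and column names are assumptions for the demonstration only.

```python
import sqlite3

# Constructed sample rows standing in for an inventory statistics table.
# The real OCS Inventory schema is not part of the advisory and is not
# reproduced here.
SAMPLE_ROWS = [
    ("ws-001", "Workstation", 3),
    ("srv-001", "Server", 7),
    ("ws-002", "Workstation", 2),
]

# Known categories; used to validate input before it reaches any query.
ALLOWED_CATEGORIES = frozenset(row[1] for row in SAMPLE_ROWS)


def make_db():
    """Create an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hardware (name TEXT, category TEXT, cpu_count INTEGER)"
    )
    conn.executemany("INSERT INTO hardware VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def count_by_category_unsafe(conn, category):
    """Vulnerable pattern: the untrusted value becomes part of the SQL text.

    Any quote characters in `category` change the structure of the query,
    which is exactly the defect class the advisory reports.
    """
    sql = "SELECT COUNT(*) FROM hardware WHERE category = '" + category + "'"
    return conn.execute(sql).fetchone()[0]


def count_by_category_safe(conn, category):
    """Hardened pattern: the value is bound as a parameter, never as SQL.

    The database driver keeps query structure and data separate, so the
    content of `category` can only ever be compared, not executed.
    """
    sql = "SELECT COUNT(*) FROM hardware WHERE category = ?"
    return conn.execute(sql, (category,)).fetchone()[0]


def count_by_category_validated(conn, category):
    """Defence in depth: allowlist the input, then still use a bound parameter.

    Rejecting values outside the known set fails fast and produces a clear,
    loggable signal that something unexpected was submitted.
    """
    if category not in ALLOWED_CATEGORIES:
        raise ValueError("unexpected category value: %r" % (category,))
    return count_by_category_safe(conn, category)


if __name__ == "__main__":
    db = make_db()
    # Well-formed input behaves identically in both versions.
    print("unsafe, normal input:", count_by_category_unsafe(db, "Workstation"))
    print("safe,   normal input:", count_by_category_safe(db, "Workstation"))
    # Input containing a quote shows how the concatenated query loses its
    # intended WHERE restriction while the parameterized query does not.
    odd = "' OR '1'='1"
    print("unsafe, quoted input:", count_by_category_unsafe(db, odd))
    print("safe,   quoted input:", count_by_category_safe(db, odd))
    try:
        count_by_category_validated(db, odd)
    except ValueError as exc:
        print("validated, quoted input rejected:", exc)
```

Running the block shows the concatenated query returning the whole table for a quoted input where the parameterized query returns zero rows; the validated variant refuses the input before any query runs. A database account that only has the rights the inventory page needs (rather than 'root', as section 4.1.1 reports) limits what such a defect can reach even when the query itself is wrong.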
3. AFFECTED PRODUCTS
---------------------------------------
AlienVault OSSIM 4.3
4. VULNERABILITIES
---------------------------------------
4.1 /ocsreports/tele_stats.php
4.1.1 The associated query was confirmed to be running with 'root' user privileges
5. SOLUTION
---------------------------------------
The vendor was contacted and confirmed that the vulnerable application has been removed in recent versions. Upgrade to the latest version.
http://forums.alienvault.com/discussion/1873/security-advisory-all-alienvault-versions-prior-to-v4-3-3-1
6. CREDIT
---------------------------------------
This vulnerability was discovered by Andrew Smith.
7. DISCLOSURE TIMELINE
---------------------------------------
1-18-2014 - Vulnerability Discovered
1-27-2014 - Vendor Informed
2-3-2014 - Public Disclosure