OSSEC '.passlist' Insecure File Permissions Vulnerability
BID:69847
Info
OSSEC '.passlist' Insecure File Permissions Vulnerability
| Bugtraq ID: | 69847 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 16 2014 12:00AM |
| Updated: | Sep 16 2014 12:00AM |
| Credit: | Alejandro Ramos |
| Vulnerable: |
Trend Micro OSSEC 2.8 |
| Not Vulnerable: | |
Discussion
OSSEC '.passlist' Insecure File Permissions Vulnerability
OSSEC is prone to a local insecure file permissions vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks
OSSEC 2.8 is vulnerable; other versions may also be affected.
OSSEC is prone to a local insecure file permissions vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks
OSSEC 2.8 is vulnerable; other versions may also be affected.
Exploit / POC
OSSEC '.passlist' Insecure File Permissions Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
OSSEC '.passlist' Insecure File Permissions Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
OSSEC '.passlist' Insecure File Permissions Vulnerability
References:
References:
- OSSEC Home Page (Trend Micro)
- Vendor Home Page (Trend Micro)