140 matches found
PT-2020-20148 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The issue affects the server component responsible for log analysis, ossec-analysisd, which is vulnerable to a denial of service due to a NULL pointer dereference. This can be triggered by...
PT-2020-20142 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The server component responsible for log analysis, ossec-analysisd, is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...
PT-2020-20146 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The server component responsible for log analysis, ossec-analysisd, is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX doma...
PT-2020-20145 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The issue arises from the OS CleanMSG function in ossec-analysisd, which fails to remove or encode terminal control characters or newlines from processed log messages. This can lead to the...
OSSEC-HIDS Security Audit Findings
Hi folks, I spent some free time recently auditing OSSEC. I w...
Thoughts on OSSEC Con 2019
Last week I attended my first OSSEC conference. I first blogged about OSSEC in 2007, and wrote other posts about it in the following years. OSSEC is a host-based intrusion detection and log analysis system with correlation and active response features. It is cross-platform, such that I can run it...
Unprotected OSSEC/Wazuh ossec-authd (authd Protocol)
The remote OSSEC/Wazuh ossec-authd service is not protected by password authentication or client certificate verification. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OSSEC/Wazuh ossec-authd Service Detection (TCP)
TCP based detection of a OSSEC/Wazuh ossec-authd service. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-19666
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server...
CVE-2018-19666
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server...
Directory traversal
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server...
CVE-2018-19666
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server...
CVE-2018-19666
OSSEC OSSEC agent for Windows (version 3.1.0) is affected. A directory traversal flaw allows a local user with full access to the OSSEC server to escalate to NT AUTHORITY\SYSTEM. The issue is identified as CVE-2018-19666 across multiple feeds. Exploitation status is not detailed in the provided d...
Open Source Host & Endpoint Security: Wazuh
Wazuh is a security detection, visibility, and compliance open source project. It was born as a fork of OSSEC HIDS, later was integrated with Elastic Stack and OpenSCAP evolving into a more comprehensive solution. Wazuh helps you to gain deeper security visibility into your infrastructure by...
ProbeManager - Centralize Management Of Intrusion Detection System Like Suricata, Bro, Ossec...
It is common to see that many IDS intrusion and detection system, including the software and its rules are not updated regularly. This can be explained by the fact the software and rule management is often complicated, which can be a particular problem for small and medium sized enterprises that...
Security Onion - Linux Distro For IDS, NSM, And Log Management
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wiza...
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins
Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow...
Wazuh - Open Source Host and Endpoint Security
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities: Log management and analysis: Wazuh agents read operating...
CVE-2015-3222
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root...
Code injection
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root...