Vigil@nce - OSSEC: privilege escalation via syscheck
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can make syscheck of OSSEC run shell commands, in
order to get administration privileges.
Impacted products: OSSEC.
Severity: 2/4.
Creation date: 11/06/2015.
DESCRIPTION OF THE VULNERABILITY
The OSSEC product includes a program named syscheck used to check
for changes in files.
Syscheck can provide the textual changes to the concerned files.
However, the filename is used as is to build the shell command
that actually compares 2 versions of the modified file. So an
attacker can use filenames with embedded quotes to inject shell
commands that will be run as "root".
An attacker can therefore make syscheck of OSSEC run shell
commands, in order to get administration privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OSSEC-privilege-escalation-via-syscheck-17111