Looking for confirmation of security issue: MITM might execute arbitrary code on OSSIM during update


Did not find an e-mail address via a search for "security contact" in Google or these forums, and "report bug" is also unanswered, so I guess this should go here:

I'm using OSSIM 4 (standard iso download) and used alienvault-update (see http://alienvault.com/docs/3.0_release_notes.txt) for updating the machine.

Due to an unknown reason (MITM or just a release signing/mirror problem), the install packages could not be authenticated. alienvault-update just continued, so if this was MITM I'm doomed.

Can someone reproduce this issue? Is it just my installation that is broken?

Reproducing could be done using "apt-key list" and "apt-key remove" when regular updates are available (make a backup of the keys before). Otherwise I'll try again when updates are available again.

I observed the update continuing with the following warning:

WARNING: The following packages cannot be authenticated!
  ossim-agent ossim-database-migration alienvault-directives-free
  alienvault-crosscorrelation-free ossim-server ossim-contrib ossim-utils
  snort-rules-default ossim-repo-key ossim-cd-configs ossim-cd-tools
  ossim-geoip alienvault-dummy-sensor ossim-framework-daemon ossim-compliance
  ossim-framework ossim-mysql alienvault-dummy-database ossim-downloads
  alienvault-dummy-framework alienvault-idm alienvault-dummy-server
  ossim-menu-setup ossim-osvdb


This discussion has been closed.
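An added example, not part of the original post or of alienvault-update: a shell check that scans captured apt output for the warning quoted in the post and fails if any package was reported as unauthenticated. The function names and the sample log are constructed for illustration; the package names in the sample come from the post.

```shell
#!/bin/sh
# Added example: find packages that apt reported as unauthenticated in a saved update log.

# Print one package name per line from the block that follows apt's warning.
unauthenticated_packages() {
    awk '
        /^WARNING: The following packages cannot be authenticated!/ { in_list = 1; next }
        # apt indents the package names; the first non-indented line ends the list
        in_list && /^[ \t]+[^ \t]/ { for (i = 1; i <= NF; i++) print $i; next }
        { in_list = 0 }
    '
}

# Read apt output on stdin; return 1 and report if any package was unauthenticated.
check_update_log() {
    pkgs=$(unauthenticated_packages)
    [ -z "$pkgs" ] && return 0
    count=$(printf '%s\n' "$pkgs" | wc -l | tr -d ' ')
    echo "update not trusted: $count unauthenticated package(s)" >&2
    printf '%s\n' "$pkgs" | sed 's/^/  /' >&2
    return 1
}

# Constructed sample log; package names are taken from the warning in the post.
sample_log() {
    cat <<'EOF'
Reading package lists...
The following packages will be upgraded:
  ossim-agent ossim-server
WARNING: The following packages cannot be authenticated!
  ossim-agent ossim-database-migration alienvault-directives-free
  alienvault-crosscorrelation-free ossim-server ossim-contrib ossim-utils
Authentication warning overridden.
EOF
}

sample_log | check_update_log || echo "sample log failed the authentication check" >&2
```

Pipe the captured output of an update run into check_update_log and treat a non-zero status as a failed update.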