Looking for confirmation of security issue: MITM might execute arbitrary code on OSSIM during update
Did not find an e-mail address via a search for "security contact" in Google or these forums; "report bug" is also unanswered, so I guess this should go here:
I'm using OSSIM 4 (standard ISO download) and used alienvault-update (see http://alienvault.com/docs/3.0_release_notes.txt) for updating the machine.
Due to an unknown reason (MITM or just a release signing/mirror problem), the install packages could not be authenticated. alienvault-update just continued, so if this was a MITM I'm doomed.
Can someone reproduce this issue? Is it just my installation that is broken?
Reproducing could be done using "apt-key list" and "apt-key remove" when regular updates are available (make a backup of the keys before). Otherwise I'll try again when updates are available again.
I observed the update continuing with the following warning:
WARNING: The following packages cannot be authenticated!
ossim-agent ossim-database-migration alienvault-directives-free
alienvault-crosscorrelation-free ossim-server ossim-contrib ossim-utils
snort-rules-default ossim-repo-key ossim-cd-configs ossim-cd-tools
ossim-geoip alienvault-dummy-sensor ossim-framework-daemon ossim-compliance
ossim-framework ossim-mysql alienvault-dummy-database ossim-downloads
alienvault-dummy-framework alienvault-idm alienvault-dummy-server
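
A check for the warning quoted in the post above, as an added example that is not part of the original post and not AlienVault code: it reads captured apt output and fails when any package is listed as unauthenticated. The function names and the sample output are constructed for illustration, and the rule for where the package list ends is an assumption.

```shell
#!/bin/sh
# Added example: fail an update run when apt reports unauthenticated packages.

# Read apt output on stdin; print each package named under the
# "cannot be authenticated" warning, one per line.
unauthenticated_packages() {
    LC_ALL=C awk '
        /^WARNING: The following packages cannot be authenticated!/ {
            in_list = 1; next
        }
        in_list {
            # Assumption: the list continues while every word on the line
            # is a valid Debian package name (a-z 0-9 + - .).
            ok = (NF > 0)
            for (i = 1; i <= NF; i++)
                if ($i !~ /^[a-z0-9][a-z0-9+.-]*$/) ok = 0
            if (!ok) { in_list = 0; next }
            for (i = 1; i <= NF; i++) print $i
        }
    '
}

# Return 0 only if the output on stdin names no unauthenticated package;
# otherwise list the packages on stderr and return 1.
update_is_authenticated() {
    pkgs=$(unauthenticated_packages)
    if [ -z "$pkgs" ]; then
        return 0
    fi
    printf 'unauthenticated packages in update:\n%s\n' "$pkgs" >&2
    return 1
}

# Constructed sample output, reusing package names from the post.
sample_output() {
    cat <<'EOF'
Reading package lists... Done
WARNING: The following packages cannot be authenticated!
  ossim-agent ossim-database-migration alienvault-directives-free
  ossim-server ossim-repo-key
Authentication warning overridden.
EOF
}

sample_output | update_is_authenticated || echo "update must not proceed"
```

Piping the saved output of an update run into `update_is_authenticated` gives a non-zero exit status whenever the warning block is present, which a wrapper script or monitoring job can alert on.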