Looking for confirmation of security issue: MITM might execute arbitrary code on OSSIM during update
Did not find an e-mail address via a search for "security contact" in Google or these forums; "report bug" is also unanswered, so I guess this should go here:
I'm using OSSIM 4 (standard ISO download) and used alienvault-update (see http://alienvault.com/docs/3.0_release_notes.txt) for updating the machine.
Due to an unknown reason (MITM or just a release signing/mirror problem), the install packages could not be authenticated. alienvault-update just continued, so if this was MITM I'm doomed.
Can someone reproduce this issue? Is it just my installation that is broken?
Reproduction could be done using "apt-key list" and "apt-key remove" when regular updates are available (make a backup of the keys before). Otherwise I'll try again when updates are available again.
I observed the update continuing with the following warning:
WARNING: The following packages cannot be authenticated!
ossim-agent ossim-database-migration alienvault-directives-free
alienvault-crosscorrelation-free ossim-server ossim-contrib ossim-utils
snort-rules-default ossim-repo-key ossim-cd-configs ossim-cd-tools
ossim-geoip alienvault-dummy-sensor ossim-framework-daemon ossim-compliance
ossim-framework ossim-mysql alienvault-dummy-database ossim-downloads
alienvault-dummy-framework alienvault-idm alienvault-dummy-server
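
A fail-closed check for the warning quoted in the post above, as an added example that is not part of the original post and not AlienVault's code: it parses captured apt-get output and returns non-zero when any package is listed as unauthenticated. The function names and the sample output are constructed here, and it assumes the update output is captured and fed on stdin.

```sh
#!/bin/sh
# Added example (not AlienVault code): fail closed on APT's authentication warning.

# Constructed sample: the warning and the two package lines come from the post
# above; the surrounding lines are typical apt-get output added for illustration.
sample_output() {
cat <<'EOF'
Reading package lists... Done
Building dependency tree
WARNING: The following packages cannot be authenticated!
  ossim-agent ossim-database-migration alienvault-directives-free
  alienvault-crosscorrelation-free ossim-server ossim-contrib ossim-utils
Install these packages without verification [y/N]? y
EOF
}

# Print, one per line, every package listed under the warning (stdin: apt output).
# Assumption: the list is the run of lines after the warning whose fields all
# look like Debian package names; the first other line ends the list.
unauthenticated_packages() {
    awk '
        /^WARNING: The following packages cannot be authenticated!/ { in_list = 1; next }
        in_list && NF > 0 {
            ok = 1
            for (i = 1; i <= NF; i++) if ($i !~ /^[a-z0-9][a-z0-9+.-]*$/) ok = 0
            if (ok) { for (i = 1; i <= NF; i++) print $i; next }
        }
        { in_list = 0 }
    '
}

# Return 0 only when no unauthenticated package appears in the output on stdin;
# otherwise name the packages on stderr and return 1 so a wrapper can stop.
update_is_authenticated() {
    pkgs=$(unauthenticated_packages)
    [ -z "$pkgs" ] && return 0
    printf 'unauthenticated packages, stopping:\n%s\n' "$pkgs" >&2
    return 1
}

# Demo on the constructed sample.
if sample_output | update_is_authenticated; then
    echo "update output clean"
else
    echo "update blocked"
fi
```
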