Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: Multiple Vulnerabilities (XSS, SQLi, Command Execution)
Author: Peter Lapp, lappsec@gmail.com
CVE: None assigned
Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well.
Fixed Version: No fix has been released.

Summary
=======
Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. The vulnerability management section of the UI allows a user to upload a Nessus scan in NBE format. Using a specially crafted NBE file, a user can exploit multiple vulnerabilities such as XSS, SQLi, and Command Execution. Authentication is required to exploit this vulnerability, but admin privileges are not required. Any user with access to the Vulnerabilities page can perform these attacks.

The vendor was notified almost 5 months ago about this vulnerability. Given that they have not responded to my recent requests for updates and just released a major version that did not patch these issues, I have decided to release the details.

Technical Details
=================
Various fields within the NBE file can be manipulated to exploit certain vulnerabilities. A pretty bare template that I used to test these issues looked something like this:

timestamps|||scan_start|Thu Dec 11 17:00:51 2014|
timestamps||1.1.1.1|host_start|Thu Dec 11 17:00:52 2014|
results|1.1.1.1|1.1.1.1|cifs (445/tcp)|1234|Security Hole|Synopsis :\n\nThe remote host contains a web browser that is affected by multiple vulnerabilities.\nOther references : OSVDB:113197,OSVDB:113198,OSVDB:113199,OSVDB:115035\n
timestamps||1.1.1.1|host_end|Thu Dec 11 17:11:58 2014|
timestamps|||scan_end|Thu Dec 11 17:16:44 2014|

Reflective XSS
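The template under Technical Details has a fixed shape, so an importer can check every pipe-delimited record against an allow-list before any field reaches a query, a shell or a page. The following Python validator is an added example, not part of the original advisory and not AlienVault's code; the field layout, severity names and port pattern are assumptions inferred from the template above.

```python
import ipaddress
import re
from datetime import datetime

# Assumptions inferred from the advisory's template, not from AlienVault's
# importer or an NBE specification: field order, severity names, port syntax.
SEVERITIES = {"Security Hole", "Security Warning", "Security Note"}
EVENTS = {"scan_start", "scan_end", "host_start", "host_end"}
PORT_RE = re.compile(r"(?:[A-Za-z0-9_.?-]{1,32} \(\d{1,5}/(?:tcp|udp)\)|general/(?:tcp|udp))")
# Shortened record in the template's shape (constructed sample).
SAMPLE = "results|1.1.1.1|1.1.1.1|cifs (445/tcp)|1234|Security Hole|Synopsis : example"

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def validate_nbe_line(line):
    """Return a list of problems found in one NBE record (empty list = accept)."""
    f = line.rstrip("\r\n").split("|")
    errors = []
    if f[0] == "timestamps" and len(f) == 6:
        if f[1] or f[5]:
            errors.append("unexpected data in reserved field")
        if f[2] and not _is_ip(f[2]):
            errors.append("host is not an IP address")
        if f[3] not in EVENTS:
            errors.append("unknown timestamp event")
        try:
            datetime.strptime(f[4], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            errors.append("malformed timestamp")
    elif f[0] == "results" and len(f) == 7:
        if not (_is_ip(f[1]) and _is_ip(f[2])):
            errors.append("subnet/host is not an IP address")
        if not PORT_RE.fullmatch(f[3]):
            errors.append("malformed service/port")
        if not re.fullmatch(r"\d{1,7}", f[4]):
            errors.append("plugin id is not numeric")
        if f[5] not in SEVERITIES:
            errors.append("unknown severity")
        # Free text: cannot be allow-listed, only bounded; encode on output.
        if len(f[6]) > 65535 or not f[6].isprintable():
            errors.append("description too long or contains control characters")
    else:
        errors.append("unknown record type or wrong field count")
    return errors
```

The free-text description field passes this check by design, so it still needs a bound SQL parameter and HTML encoding wherever it is stored or displayed.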